Security Unlocked

Dprk

Threat Intelligence

Cloud VM Isolation Breaks at the Hypervisor; North Korean Actors Weaponize Maintainer Trust

CVE-2026-53359 (Januscape), a 16-year-old Linux KVM flaw enabling VM-to-host escape, landed patches July 4 while the North Korean PolinRider supply chain campaign hit 100+ legitimate packages through stolen maintainer credentials, graduating beyond typosquatting into a method that subverts the trust signals defenders rely on.

Threat Intelligence

Trust Is the Exploit

From a six-month DPRK social engineering operation to mass exploitation of developer ecosystems, this week's threat landscape reveals that the most reliable attack surface is the trust we extend by default.