CICI/CD News
LatestAuthorsGlossary
Tag

#malicious-packages

Tagged “malicious-packages”

1 article
Supply-chain security

PolinRider keeps expanding, and the postinstall still lands on your runner

DevOps.com reports two DPRK-linked groups are expanding PolinRider, a supply-chain campaign that pushes malicious packages into developer workflows through long-running fake-interview scams. Socket and Rescana are named as the vendors doing the attribution. The pipeline lesson is old, and unfinished.

Jul 8, 2026 · Tomás Vega
CICI/CD News

Independent CI/CD & deployment news — concise, vendor-neutral takes on pipelines, releases and DevOps tooling.

Network

GitHub ActionsJenkinsGitHubCI/CD Glossary

About

Latest newsAuthorsRSS feedSitemapPowered by Buddy