Active Malware Campaigns in January-May 2026
2026-06-08 • OSM
https://opensourcemalware.com/blog/active-campaigns-jan-may-2026
OpenSourceMalware reports that Lazarus Group remained a high-confidence DPRK supply-chain threat in early 2026, with activity focused on cryptocurrency theft across the npm, PyPI, Go, Cargo, and Packagist ecosystems. The Contagious Interview campaign continued to target software engineers through fake recruiting and malicious repositories, using VS Code task execution or package lifecycle-style behavior to run BeaverTail and deploy the InvisibleFerret Python backdoor. The report also describes TasksJacker as a 2026 Lazarus campaign that compromised 400+ repositories by abusing .vscode/tasks.json and multi-blockchain C2 infrastructure, followed by PolinRider, which weaponized stolen credentials through malicious pull requests against widely used open-source projects. These findings matter because they show DPRK operators moving from direct social engineering to repository compromise and build-chain abuse that can affect downstream developers and projects.
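A defender-side review check for the .vscode/tasks.json abuse described above, as an added example that is not code from the OpenSourceMalware report: it flags tasks that use VS Code's `runOptions.runOn: "folderOpen"` setting, which starts a task when the folder is opened. Treating that setting as the thing to audit is an assumption (the page does not name the task property involved), and `audit_tasks`, `scan_tree` and the sample file are constructed for illustration.

```python
import json
import re
from pathlib import Path

# tasks.json is JSONC: strip comments and trailing commas, leaving strings intact.
_COMMENTS = re.compile(r'("(?:\\.|[^"\\])*")|//[^\n]*|/\*.*?\*/', re.S)
_TRAILING = re.compile(r'("(?:\\.|[^"\\])*")|,(?=\s*[}\]])')

def parse_jsonc(text):
    keep_strings = lambda m: m.group(1) or ""
    return json.loads(_TRAILING.sub(keep_strings, _COMMENTS.sub(keep_strings, text)))

def audit_tasks(text):
    """Return [(task label, [reasons])] for tasks that need manual review."""
    try:
        doc = parse_jsonc(text)
    except json.JSONDecodeError:
        return [("<file>", ["tasks.json does not parse; inspect by hand"])]
    tasks = doc.get("tasks", []) if isinstance(doc, dict) else []
    findings = []
    for task in (t for t in tasks if isinstance(t, dict)):
        run_opts = task.get("runOptions") or {}
        if not isinstance(run_opts, dict) or run_opts.get("runOn") != "folderOpen":
            continue  # only tasks that start without user action are flagged
        reasons = ["runs automatically when the folder is opened"]
        presentation = task.get("presentation") or {}
        if isinstance(presentation, dict) and presentation.get("reveal") in ("never", "silent"):
            reasons.append("terminal output is hidden")
        findings.append((str(task.get("label", "<unlabelled>")), reasons))
    return findings

def scan_tree(root):
    """Audit every .vscode/tasks.json under root; returns {path: findings}."""
    report = {}
    for path in Path(root).rglob("tasks.json"):
        if path.parent.name == ".vscode":
            report[str(path)] = audit_tasks(path.read_text(encoding="utf-8-sig", errors="replace"))
    return {p: hits for p, hits in report.items() if hits}

# Constructed sample, not taken from any real repository.
SAMPLE = r'''{
  "version": "2.0.0",  // constructed example
  "tasks": [
    {"label": "build", "type": "shell", "command": "npm run build"},
    {"label": "env-setup", "type": "shell", "command": "node ./scripts/setup.js",
     "runOptions": {"runOn": "folderOpen"}, "presentation": {"reveal": "never"},},
  ]
}'''
```

Running `scan_tree` over a checkout before opening it in the editor, or in CI on incoming pull requests, surfaces these tasks for a human to read; a flagged task is a prompt for review, not proof of compromise.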