North Korean APT InkySquid Infects Victims Using Browser Exploits

2021-08-17 Volexity

https://www.volexity.com/blog/2021/08/17/north-korean-apt-inkysquid-infects-victims-using-browser-exploits/

Volexity attributes a strategic web compromise of Daily NK to InkySquid, an activity set broadly corresponding to ScarCruft/APT37. From late March through early June 2021, attackers modified legitimate Daily NK JavaScript to redirect selected visitors to jquery[.]services infrastructure that served Internet Explorer and legacy Edge exploits, including CVE-2020-1380 and CVE-2021-26411. Successful exploitation delivered Cobalt Strike stagers and, in a later case, an XOR-encoded custom malware family named BLUELIGHT from storage.jquery[.]services. The report is significant because it shows a North Korean actor using short-lived website injections, browser exploits, obfuscated JavaScript, and custom payloads against readers of a South Korea-focused news site.

Indicators of Compromise

Type Value First Seen Last Seen
HASH 9b86888a83dd0dd1c3a0929f1ea53b82 2021-08-17 2021-08-17
HASH 5c430e2770b59cceba1f1587b34e686… 2021-08-17 2021-08-17
HASH 558ce5e8c0b1b0a76b88db087f0c92f… 2021-08-17 2021-08-17
