On March 2, 2026, DPRK-linked operators compromised four Neutralinojs GitHub repositories using the stolen alphagamer7 contributor account. The attacker force-pushed backdated malicious commits in a 132-second window, hid obfuscated JavaScript payloads in routine-looking files, spoofed trusted authors, and deployed a BeaverTail payload tied to Contagious Interview activity, targeting developer credentials, Discord data, VSCode/Cursor environments, SSH keys, npm tokens, and cryptocurrency wallets.