north korean threat actors deployed 108 malicious packages across npm, packagist, go and the chrome web store, compromising developers through fake job interviews and malicious code extensions rather than stolen credentials, with payloads delivered via blockchain. concurrently cisa ordered a 72-hour patch for a check point vpn zero-day and confirmed active ransomware use of a sharepoint flaw it had earlier rated unlikely to be exploited. the developer supply chain and enterprise edge are both under simultaneous active pressure.