TasksJacker: Latest DPRK Attack Skips the Fake Interview and Goes Straight to Compromising GitHub Users

The TasksJacker campaign marks a new era in supply chain attacks by weaponizing VS Code auto-execution, rewriting git history to evade detection, and leveraging multi-blockchain command and control—allowing DPRK-linked threat actors to silently compromise hundreds of GitHub repositories and developers with infrastructure that is nearly impossible to take down.