North Korean Malware Campaign Hits Five Ecosystems, React Native 0.85, Next.js RSC DoS, and AI Git Tooling

Published on 09.04.2026


North Korean Hackers Spread 1,700+ Malicious Packages Across npm, PyPI, Go, Rust, and PHP

TLDR: The Contagious Interview campaign, linked to North Korea, has expanded from its original footprint to five open-source ecosystems since January 2025. Over 1,700 malicious packages have been published, impersonating legitimate developer tooling and acting as malware loaders that fetch second-stage payloads. PHP's Packagist is now the fifth ecosystem affected.

N. Korean Hackers inject one PHP component: golangorg/logkit

CVE-2026-23869: DoS Vulnerability in Next.js React Server Components

TLDR: A high-severity vulnerability (CVSS 7.5) affects React Server Components in Next.js 13.x through 16.x. A specially crafted HTTP request to any App Router Server Function endpoint can trigger excessive CPU usage during deserialization, causing a Denial of Service. Vercel has deployed WAF-level mitigations.

Summary of CVE-2026-23869

React Native 0.85: Shared Animation Backend, TextInput Selection, and Jest Preset

TLDR: React Native 0.85 ships with a new Shared Animation Backend built with Software Mansion that powers both Animated and Reanimated, adding support for animating Flexbox and layout props with the native driver. TextInput onChange events now include selection data, and a new Jest preset package simplifies testing.

New Animation Backend, TextInput Selection Data, New Jest Preset Package - React Native 0.85

Gitpack: AI-Powered Git Packaging CLI

TLDR: Gitpack is an open-source CLI tool that handles the full Git packaging workflow -- grouping related file changes into logical commits with rationale, flagging risky areas like auth and schema changes, drafting PR summaries, and tracking review progress including CI status and reviewer assignments.

GitHub - Arindam200/gitpack: AI-powered Git packaging CLI

Handling Unreasonable AI Productivity Expectations

TLDR: A CTO consultant shares practical advice for managing unreasonable AI productivity expectations in tech organizations. Using a real CEO client case, the author argues that comparing established engineering teams to small greenfield startups is a flawed apples-to-oranges comparison.

Handling Unreasonable Expectations