
Approximately 2,350 GitHub repositories have been confirmed compromised across two concurrent nation-state campaigns: PolinRider-linked actors injecting obfuscated JavaScript into approximately 2,000 repositories, and DPRK-nexus actors compromising approximately 350 repositories in association with the Axios supply chain operation. Attacker objectives center on using GitHub as a malware distribution platform and harvesting GitHub CLI tokens, personal access tokens, and OAuth credentials from developer machines. The GitHub platform itself is not exploited via a software vulnerability — the attack surface is maintainer account compromise and PR injection.

Author

Tech Jacks Solutions