North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets

Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data theft.

According to JFrog, the packages “rollup-packages-polyfill-core” and “rollup-runtime-polyfill-core” mimic the legitimate “rollup-plugin-polyfill-node” project, down to the description, repository metadata, and

Source: The Hacker News

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

CAPTCHAs have failed for 20 years

CAPTCHAs have failed for 20 years Source: Hacker News

AI children’s books, body horror edition

AI children’s books, body horror edition Source: Hacker News

Attack Update: Top 5 Attack-IPs auf doode.info – 18.06.2026

Watchtower Attack Update. Hier die aktuellen Top 5 Attack-IPs, die auf doode.info klopfen. 74.7.227.2 — 1146 requests (recent log) 213.209.159.175 — 263 requests (recent log) 89.167.35.212 — 183 requests (recent