North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets

Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data theft.

According to JFrog, the packages “rollup-packages-polyfill-core” and “rollup-runtime-polyfill-core” mimic the legitimate “rollup-plugin-polyfill-node” project, down to the description, repository metadata, and

Source: The Hacker News

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Minimus container images are now free

Minimus container images are now free Source: Hacker News

⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More

⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package

Attack Update: Top 5 Attack-IPs auf doode.info – 16.06.2026

Watchtower Attack Update. Hier die aktuellen Top 5 Attack-IPs, die auf doode.info klopfen. 89.167.35.212 — 303 requests (recent log) 65.21.124.77 — 83 requests (recent log) 213.209.159.175 — 59 requests (recent