FRIDAY, JULY 3, 2026 48° E  /  GLOBAL TECH · SUMMARISED SUBSCRIBE
AI, business, devices, policy — global tech, summarised every 30 minutes.
Security · 1h ago

North Korean Hackers Use Fake npm Packages to Steal Developer Secrets

By Meridian48 News Desk · Summarised from The Hacker News ·

Two malicious npm packages, rollup-packages-polyfill-core and rollup-runtime-polyfill-core, impersonate legitimate Rollup polyfill tools to steal credentials and enable remote access. Discovered by JFrog, the packages mimic the real rollup-plugin-polyfill-node project in metadata and description. Developers who installed them risk data theft and system compromise.

Meridian48 take
This attack underscores the growing sophistication of supply-chain threats, where even well-known tools like Rollup are cloned to target developers.
Read the full reporting
North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets →
The Hacker News
npm-supply-chainnorth-korea
More security briefs
Go deeper on security
AllAIStartupsBusinessDevicesPolicySecurityDev ToolsPakistan