Threat actors with ties to North Korea have been linked to a
fresh set of malicious npm packages that masquerade as Rollup
polyfill tooling to facilitate remote access and data theft.
According to JFrog, the packages "rollup-packages-polyfill-core"
and "rollup-runtime-polyfill-core" mimic the legitimate
"rollup-plugin-polyfill-node" project, down to the description,
repository metadata, and
Read more https://thehackernews.com/2026/07/north-korea-linked-npm-packages-mimic.html

