
JFrog finds North Korea-linked npm packages stealing secrets by mimicking Rollup polyfills
Malicious packages impersonate legitimate Rollup polyfill tooling, aiming to steal developer credentials and open remote access to infected machines.
By Lama Al-Rashid·· 3 min

