[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:north-korea-linked-npm-packages-mimic-rollup-polyfills-to-steal-developer-secret-mr7154zq":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":12,"action_required":16,"article_ids":17,"ioc_summary":19,"source_urls":20,"status":22,"expires_at":23,"created_at":24,"updated_at":25,"articles":26},"6ba38348-2246-4ce9-8c57-ad59a121715d","North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets","north-korea-linked-npm-packages-mimic-rollup-polyfills-to-steal-developer-secret-mr7154zq","North Korea-linked threat actors deployed malicious npm packages mimicking legitimate Rollup polyfills to compromise developer environments. Affected developers who installed 'rollup-packages-polyfill-core' or 'rollup-runtime-polyfill-core' are at immediate risk of credential theft, source code exfiltration, and remote code execution. This supply chain attack targets development secrets and secrets management systems.","critical","advisory",[],[13,14,15],"JFrog","npm","@nut-tree-fork\u002Fnut-js","Immediately audit npm package-lock.json files and node_modules for 'rollup-packages-polyfill-core' and 'rollup-runtime-polyfill-core'. Remove these packages, rotate all developer credentials and API tokens, and scan affected machines for data exfiltration and persistence mechanisms.",[18],"89cb84cd-06fd-4a1e-b3cb-2ba3fe8ad3c6",null,[21],"https:\u002F\u002Fthehackernews.com\u002F2026\u002F07\u002Fnorth-korea-linked-npm-packages-mimic.html","active","2026-07-07T00:05:12.331+00:00","2026-07-05T00:05:15.87784+00:00","2026-07-05T00:05:19.654335+00:00",[27],{"id":18,"title":6,"url":21}]