Deep & Emerging Tech·July 3, 2026·1 min read

North Korea-linked npm packages impersonate Rollup polyfill tools to steal developer secrets

Nation-state actors are now seeding npm with lookalike build tooling — not just obvious malware — to exfiltrate developer creds and gain remote access. Lock down your supply chain: pin dependencies, audit new packages in build systems, and treat CI/CD credentials as crown jewels.

Deep & Emerging Tech

The man who built Pegasus now sells governments the antidote, and Latin America is buying

The creator of Pegasus now selling AI-powered "antidote" tools into Latin American governments at a $3B valuation shows how offensive cyber expertise is being repackaged as defensive product. For anyone running critical infrastructure or public-sector stacks in the region, assume both sides of the capability curve are commercialized and plan for a faster attack–defense cycle.