
North Korea-linked npm packages impersonate Rollup polyfill tools to steal developer secrets
THE SO WHAT
Nation-state actors are now seeding npm with lookalike build tooling — not just obvious malware — to exfiltrate developer creds and gain remote access. Lock down your supply chain: pin dependencies, audit new packages in build systems, and treat CI/CD credentials as crown jewels.