my photo

John Z Black

Brunswick, ME • (207) 245-1010 • contact@johnzblack.com

Blog / #javascript

North Korea Behind Polyfill.io? Supply Chain Poisoning Just Got a State Sponsor

John Z Black Mar 13, 2026

Supply Chain Security #supply-chain #north-korea #polyfill #npm #simple-git #javascript #cve

Forensic research links the Polyfill.io supply chain attack to a North Korean operative. The same week, a CVSS 9.8 RCE hits the simple-git npm library. Your dependency graph is your attack surface.

Read More