144 Mastra npm Packages Compromised via Hijacked Contributor Account

Updated on June 17, 2026

As many as 144 npm packages associated with the Mastra namespace (“@mastra/*”), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js, per findings from JFrog, SafeDep, Socket, and StepSecurity.

“A single npm account (ehindero) mass-published more…

Read the rest of the story at Read More

Source: The Hacker News

December 3, 2024 Uncategorized

North Korean Kimsuky Hackers Use Russian...

April 25, 2025 Uncategorized

Researchers Identify Rack::Static Vulner...

July 16, 2025 Uncategorized

144 Mastra npm Packages Compromised via Hijacked Contributor Account

Related posts

North Korean Kimsuky Hackers Use Russian...

Researchers Identify Rack::Static Vulner...

Google AI “Big Sleep” Stops ...

Leave a Comment Cancel reply

Recent News

Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline

Adversarial Exposure Validation Turns Security Visibility into Confident Prioritization

The Top 10 Attack Surface Exposures in 2026

Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

144 Mastra npm Packages Compromised via Hijacked Contributor Account

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures

New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds

Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive