Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.
Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
Microsoft says latest attack targets Leo Platform and RStreams packages, harvesting creds and going after more maintainers ...
Microsoft links the recent Mastra AI npm supply chain attack to , a North Korean group known for cryptocurrency theft ...
JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
Red Hat hit by npm supply‑chain attack - here's how to stay safe ...
Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, ...
Multiple npm packages published by the crypto exchange, dYdX, and used by at least 44 cryptocurrency projects appear to have been compromised. Powered by the Ethereum blockchain, dYdX is a ...
An npm supply chain attack named Miasma compromised 32 official packages under Red Hat's @redhat-cloud-services namespace on June 1, 2026, injecting a self-propagating credential-stealing worm that ...
Looks like the Arch Linux AUR (Arch User Repository) needs some better security and package checks - as some malicious users compromised a lot of packages.
The Axios JavaScript NPM package was recently compromised, representing one of the highest impact supply chain attacks against the open source development ecosystem in recent months. Axios is the most ...
A significant security incident involving the widely used npm package “eslint-config-prettier” has been uncovered. The package, downloaded more than 3.5 billion times, was compromised on July 18 after ...