Saturday 27 June 2026 01:35:28 GMT+02:00

Netcrook

HomeManifesto
News
Corporate Security IncidentsCloud, SaaS & Identity SecurityIndustrial Cybersecurity & Critical InfrastructureCyber Intelligence, TrendsAI Security & Agentic SystemsCyber Intelligence & Threat TrendsCyber WarfareCyber Warfare & Nation-State OperationsCyber CriminalityBreaches & Data LeaksCybercrimeMalware & BotnetsRansomware & ExtortionSecurity Awareness & Social EngineeringLegal PolicyLegal, Policy & Government CybersecurityPrivacy, Regulation & ComplianceTechnology, InnovationTechnology, Innovation & Digital InfrastructureVulnerabilities Patch ManagementResearch, Exploits & Offensive SecurityVulnerabilities & Patch Management
Techcrook
Tutte le tecnologieIdentita e accessoFirewall e reteBackup e archiviazioneEnergia e continuitaPrivacy e sicurezza fisicaLaboratorio e prototipazioneStampa e tracciabilitaTecnologia quotidiana
Geocrook
AfricaAsiaEuropeMiddle EastNorth AmericaOceaniaSouth America
WikicrookTeamAppContact
EnglishItalianoArabic

#Mastra NPM

Mastra’s npm Trail Turns a Package Update Into a Crypto-Extension Risk

22 June 2026 14:14Malware & BotnetsNorth America / USANEXUSGUARDIAN

A malicious dependency found in more than 140 Mastra packages shows how a software supply-chain incident can move from build tools to browser-facing cryptocurrency surfaces.

#Mastra NPM | #supply chain | #crypto extensions

When a Trusted Package Turns Toxic: The Mastra npm Intrusion

22 June 2026 10:12Malware & BotnetsNorth America / USANEXUSGUARDIAN

A hijacked maintainer path, a typosquat package, and two very different payloads show how supply-chain abuse can reach far beyond one namespace.

#npm supply chain | #Mastra packages | #PowerShell backdoor

When Trusted Packages Turn Toxic: The Mastra npm Incident and the New Face of Credential Theft

17 June 2026 17:38Malware & BotnetsNorth America / USANEXUSGUARDIAN

More than 140 npm packages tied to the Mastra AI ecosystem were reported compromised, underscoring how a single poisoned dependency can become a delivery path for infostealers.

#npm supply chain | #Mastra AI | #credential theft

A Trusted npm Namespace Became the Weak Link in an AI Build Chain

17 June 2026 10:13CybercrimeNorth America / USACIPHERWARDEN

A hijacked contributor identity and a burst of package publishing turned the @mastra/* ecosystem into a supply-chain warning for anyone shipping JavaScript or TypeScript at scale.

#easy-day-js | #Mastra namespace | #hijacked account