Friday 26 June 2026 06:40:04 GMT+02:00

Netcrook

HomeManifesto
News
Corporate Security IncidentsCloud, SaaS & Identity SecurityIndustrial Cybersecurity & Critical InfrastructureCyber Intelligence, TrendsAI Security & Agentic SystemsCyber Intelligence & Threat TrendsCyber WarfareCyber Warfare & Nation-State OperationsCyber CriminalityBreaches & Data LeaksCybercrimeMalware & BotnetsRansomware & ExtortionSecurity Awareness & Social EngineeringLegal PolicyLegal, Policy & Government CybersecurityPrivacy, Regulation & ComplianceTechnology, InnovationTechnology, Innovation & Digital InfrastructureVulnerabilities Patch ManagementResearch, Exploits & Offensive SecurityVulnerabilities & Patch Management
Techcrook
Tutte le tecnologieIdentita e accessoFirewall e reteBackup e archiviazioneEnergia e continuitaPrivacy e sicurezza fisicaLaboratorio e prototipazioneStampa e tracciabilitaTecnologia quotidiana
Geocrook
AfricaAsiaEuropeMiddle EastNorth AmericaOceaniaSouth America
WikicrookTeamAppContact
EnglishItalianoArabic

#Mastra packages

One Hijacked npm Identity Can Poison an Entire Dependency Chain

22 June 2026 10:28CybercrimeNorth America / USACIPHERWARDEN

A maintainer-account takeover tied to poisoned Mastra packages shows how package registries can become malware delivery systems when publisher trust is broken.

#Sapphire Sleet | #npm takeover | #Mastra packages

When a Trusted Package Turns Toxic: The Mastra npm Intrusion

22 June 2026 10:12Malware & BotnetsNorth America / USANEXUSGUARDIAN

A hijacked maintainer path, a typosquat package, and two very different payloads show how supply-chain abuse can reach far beyond one namespace.

#npm supply chain | #Mastra packages | #PowerShell backdoor