Windows Report

Microsoft Links Mastra AI npm Supply Chain Attack to North Korean Sapphire Sleet Hackers

Microsoft links the recent Mastra AI npm supply chain attack to , a North Korean group known for cryptocurrency theft ...
DataBreachToday

Mastra AI Framework Poisoned in npm Supply-Chain Attack

The popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation ...
Threat Post

Malicious npm Code Packages Built for Hijacking Discord Servers

The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases. A series of malicious packages in the Node.js package manager (npm) code ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Red Hat hit by npm supply‑chain attack - here's how to stay safe ...

npm tackles its riskiest security issues

With npm v12, GitHub closes a central attack vector: installation scripts from dependencies will only run after explicit approval from July 2026.
SecurityWeek

NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks

In response to recent software supply chain attacks, NPM version 12 is blocking the automatic script execution at install.
Dark Reading

Npm Package Hides Malware in Steganographic QR Codes

Attackers have poisoned a code package on the npm registry in a novel way, hiding credential-stealing malware in steganographic QR codes embedded in a package purporting to offer a JavaScript utility.
Infosecurity-magazine.com

Malicious npm Code Reached 10% of Cloud Environments

Security experts have warned that a newly discovered supply chain attack targeting npm packages is still active and may already have impacted 10% of cloud environments. On Monday, a threat actor ...