A widespread npm supply‑chain compromise to Sapphire Sleet, a North Korean state actor, after the takeover of an npm maintainer account enabled the mass publication of poisoned Mastra packages that silently delivered a multi‑stage implant. The campaign, disclosed June 19, 2026, began when the attacker gained control of the ehindero maintainer identity an account with […]
The post Sapphire Sleet Hijacks npm Maintainer Account to Publish Poisoned Mastra Packages appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
This article has been indexed from GBHackers Security | #1 Globally Trusted Cyber Security News Platform
Read the original article: