Storia in 3 fonti

North Korean Hackers Blamed for Mastra NPM Supply Chain Attack

North Korean APT Sapphire Sleet has been blamed for compromising over 140 NPM packages across the Mastra AI framework ecosystem.

Raccontata da

bleepingcomputer.com

dev.to

securityweek.com

Confronto fonti

3 prospettive sulla stessa storia

AI · summaries

securityweek.comStai leggendo2 g fa

North Korean Hackers Blamed for Mastra NPM Supply Chain Attack

North Korean APT Sapphire Sleet has been blamed for compromising over 140 NPM packages across the Mastra AI framework ecosystem.

originale

bleepingcomputer.com4 g fa

Microsoft links Mastra AI supply chain attack to North Korean hackers

Sapphire Sleet compromised 140+ Mastra npm packages via typosquat stealer, targeting credentials and crypto wallets. npm supply chain attacks auto-deploy on install. Enforce SCA scanning, dependency pinning, and post-install hook auditing.

Leggi questa versione → originale

dev.to4 g fa

North Korean Hackers Poisoned 140+ npm Packages in an AI Dev Tooling Attack. Here's What Would Have Caught It.

North Korea's BlueNoroff poisoned 140+ npm packages in Mastra AI, auto-installed by LLM assistants without validation. npm audit fails on fresh compromises; runtime package validation before install is critical for enterprise AI dev security.

Leggi questa versione → originale

Timeline cronologica

sabato 20 giugno 2026·bleepingcomputer.com
Microsoft links Mastra AI supply chain attack to North Korean hackers
Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as…
domenica 21 giugno 2026·dev.to
North Korean Hackers Poisoned 140+ npm Packages in an AI Dev Tooling Attack. Here's What Would Have Caught It.
The Incident Microsoft's threat intelligence team has attributed a supply chain attack...
lunedì 22 giugno 2026·securityweek.com
North Korean Hackers Blamed for Mastra NPM Supply Chain Attack
North Korean APT Sapphire Sleet has been blamed for compromising over 140 NPM packages across the Mastra AI framework ecosystem.