Storia in 1 fonti

Nation-State Actors Are Now Targeting Your AI Agent's npm Packages

Sapphire Sleet (North Korean APT) compromised 140+ Mastra npm packages via postinstall hook to steal AI API keys and cloud credentials from developer machines. Here is how the attack worked and how pre-install scanning stops it.

Raccontata da

dev.to

Timeline cronologica

giovedì 25 giugno 2026·dev.to
Nation-State Actors Are Now Targeting Your AI Agent's npm Packages
Sapphire Sleet (North Korean APT) compromised 140+ Mastra npm packages via postinstall hook to steal AI API keys and cloud credentials from developer machines. Here is how the…