An npm supply chain attack has targeted the Mastra AI framework ecosystem, with threat actors compromising more than 140 packages to deploy a cross-platform infostealer capable of exfiltrating cryptocurrency wallet data, browser history, and developer credentials. Both Microsoft and Socket security researchers have independently confirmed the campaign, which unfolded on June 17, 2026. The attacker, […]
The post Hackers Compromise 140+ Mastra npm Packages to Steal Credentials appeared first on Cyber Security News.