Microsoft Threat Intelligence has uncovered a massive supply-chain attack on the npm registry, affecting over 140 packages within the Mastra ecosystem. The campaign relies on a hijacked maintainer account to distribute a malicious typosquat package, which deploys a stealthy Node.js implant and a PowerShell backdoor. Researchers attribute this highly coordinated attack to Sapphire Sleet, a […]
The post Mastra npm Supply Chain Attack Delivers Node.js Implant and PowerShell Backdoor appeared first on Cyber Security News.