Bleeping Computer

Microsoft links Mastra AI supply chain attack to North Korean hackers

Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. This attribution ...
Security Boulevard

SmartApeSG Launches Okendo Reviews Supply Chain Attack

IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by ...

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
The Hacker News

145 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.
Tech Times

npm v12 Security Overhaul Blocks Install Scripts by Default: July Deadline for CI Migration

July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...
ZDNet

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard

I wore the world's first HDR10 smart glasses TCL's new E Ink tablet beats the Remarkable and Kindle Anker's new charger is one of the most unique I've ever seen Best laptop cooling pads Best flip ...
blockonomi

TrapDoor Malware Campaign Infiltrates Developer Supply Chains to Target Crypto and AI Projects

Cybersecurity company Socket identified a sophisticated malware operation dubbed “TrapDoor” that distributed 34 compromised packages throughout npm, PyPI, and Crates development platforms The ...
来自MSN

The 'mini Shai-Hulud' attack hides inside AI coding agent configs — the first supply ...

On April 29, 2026, someone slipped malicious code into four widely used SAP software packages. Within days, the infection had spread to at least 169 packages across the npm registry, the world’s ...
来自MSN

Researchers detail 'Mini Shai-Hulud' attack exploiting AI coding tools

Novel attack method: Hackers poisoned four SAP npm packages and used AI coding assistant configs to spread malware, a first in documented supply chain attacks. Credential theft impact: The malware ...
The Business Journals

Yemeni coffee chain to open first Baltimore-area shop

To continue reading this content, please enable JavaScript in your browser settings and refresh this page. Preview this article 1 min The coffee shop will take the ...
Dark Reading

TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack

TeamPCP's extensive supply chain campaign continued this week, as the cybercriminal group compromised several SAP npm packages in a "Mini Shai Hulud" attack. The compromised packages went live ...
LinkedIn

OpenAI Issues Urgent Warning: macOS Users Must Update ChatGPT & Codex Immediately

OpenAI has launched a sweeping security response following a sophisticated software supply chain attack that exploited a compromised version of the widely used JavaScript library Axios. The incident, ...