SecBoard
Zurück zur Übersicht
Red-TeamerIT/SaaSAD & IdentityKI-Sicherheit

144 Mastra npm Packages Compromised via Hijacked Contributor Account

The Hacker News·
Originalartikel lesen bei The Hacker News

As many as 144 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js, per findings from...

MITRE ATT&CK Kill Chain (2 Techniken)

Reconnaissance
T1592.002

Software

Execution
T1059.007

JavaScript

Vollständigen Artikel lesen bei The Hacker News

Verwandte Artikel

Splunk Enterprise: Angriffe auf Codeschmuggel-Lücke

heise Security·vor etwa 2 Stunden

CISA warns Fortinet users to secure devices after FortiBleed leak

BleepingComputer·vor etwa 2 Stunden

15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown 

SecurityWeek·vor etwa 2 Stunden

Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone

The Hacker News·vor etwa 2 Stunden

Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure

SecurityWeek·vor etwa 5 Stunden