> TritonInfoSec News
Home / Jun 18, 2026 / Story
0
#5 The Hacker News general June 17, 2026 at 07:38 UTC

144 Mastra npm Packages Compromised via Hijacked Contributor Account

By [email protected] (The Hacker News)

AI Summary

A supply chain attack dubbed 'easy-day-js' compromised 144 npm packages in the Mastra '@mastra/*' namespace after attackers hijacked a single contributor account (ehindero), affecting a widely-used JavaScript/TypeScript AI application framework. Findings were reported by JFrog, SafeDep, Socket, and StepSecurity, underscoring the ongoing risk of single-account compromise cascading across large package ecosystems.

Read full article → https://thehackernews.com/2026/06/144-mastra-npm-p…

Relevance score: 85.0/100

# More from June 18

  1. 1
    Massive breach spills credentials for thousands of sensitive networks Ars Technica Security
  2. 2
    FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices. BleepingComputer
  3. 3
    Critical Fortinet FortiSandbox flaws now exploited in attacks BleepingComputer
  4. 4
    Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development The Hacker News
  5. 6
    CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution The Hacker News
  6. 7
    Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack SecurityWeek
  7. 8
    GitHub dismissed security reports on flaws now exploited by supply-chain worm, researchers say The Record
  8. 9
    Critical Copilot vulnerability allowed hackers to seal 2FA code from users Ars Technica Security
  9. 10
    Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats The Hacker News