Mastra Framework: 144 npm Packages Compromised with Infostealer18. June 2026Cybersecurity144 npm packages of the Mastra Framework have been infected with an infostealer that steals wallet and browser data during installation, already affecting the heavily-used core package. Share on:
Rust Malware IronWorm Found in 36 npm Packages with eBPF Rootkit16. June 2026CybersecurityIronWorm leverages a Rust-based eBPF rootkit to steal developer credentials (OpenAI, Anthropic APIs, AWS certificates, npm tokens, SSH keys) and autonomously propagate itself across npm accounts. Share on:
Red Hat: NPM Packages Compromised by Mini-Shai-Hulud Malware2. June 2026CybersecurityThe Mini-Shai-Hulud malware exploits the NPM ecosystem for distribution and has compromised Red Hat packages. Share on:
Malicious npm Package Targets OpenAI Codex Users and Exposes Supply Chain Risks2. June 2026Claude Code, Cybersecurity, OpenAIAttackers exploited a seemingly legitimate npm package with 27,000 weekly downloads to steal refresh tokens that grant unlimited access to accounts. Share on: