144 Mastra npm Packages Hijacked in Supply Chain Attack
🟠 High | Source: The Hacker News

144 npm packages in the Mastra AI framework namespace were compromised after an attacker hijacked a contributor’s npm account, in an attack dubbed ‘easy-day-js’. The malicious packages could have been pulled into AI application builds by developers unaware of the compromise. This is a classic software supply chain attack, where trust in a legitimate open-source project is exploited to distribute malicious code at scale. ...