VulnHub

Real-time Cybersecurity News

144 Mastra npm Packages Compromised via Hijacked Contributor Account

The Hacker News
Actively Exploited
UpdateMalware

Overview

Researchers have uncovered a software supply chain attack affecting 144 npm packages linked to the Mastra namespace, which is used for building AI applications. The attack, identified by JFrog, SafeDep, Socket, and StepSecurity, involved the hijacking of a single npm account belonging to a user named 'ehindero', who then published malicious versions of these packages. This incident raises significant concerns for developers who rely on the Mastra framework, as it could lead to the introduction of vulnerabilities in their applications. Users of these compromised packages are urged to check their dependencies and update to secure versions to avoid potential risks. This event serves as a reminder of the importance of securing contributor accounts in open-source ecosystems.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: @mastra/* npm packages
  • Action Required: Users should check their dependencies and update to secure versions of the affected packages.
  • Timeline: Newly disclosed

Original Article Summary

As many as 144 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js, per findings from JFrog, SafeDep, Socket, and StepSecurity. "A single npm account (ehindero) mass-published more

Impact

@mastra/* npm packages

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should check their dependencies and update to secure versions of the affected packages.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Update, Malware.

Read Original Article

Related Coverage

Fifteen JetBrains Marketplace Plugins Found Stealing API Keys

Infosecurity Magazine

Aikido Security has found that at least 15 plugins available on the JetBrains Marketplace are stealing API keys from users. These malicious plugins disguise themselves as legitimate tools for integrated development environments (IDEs) but are designed to extract sensitive information. This situation affects developers who rely on these plugins for their work, potentially exposing their projects and personal data. The discovery raises concerns about the security of third-party plugins and the need for vigilance among users when downloading software. Developers should review their installed plugins and consider removing any that might be suspicious.

Jun 17, 2026

Oracle’s Second Monthly Security Updates Deliver 245 Patches

SecurityWeek

Oracle has rolled out its June 2026 Critical Security Patch Update, addressing a total of 245 vulnerabilities across various products, including Communications, E-Business Suite (EBS), and Enterprise Manager. This update is crucial as it aims to protect users from potential exploitation of these vulnerabilities, which could lead to unauthorized access or data breaches. The large number of patches indicates a significant risk across multiple platforms, making it essential for organizations using these products to apply the updates promptly. By doing so, they can safeguard their systems against possible attacks that may target these weaknesses. Users are encouraged to review the specific patches applicable to their environments and implement them as soon as possible to enhance their security posture.

Jun 17, 2026

Malicious apps got into the Arch User Repository - how to protect yourself

Latest news

Arch Linux users are facing a serious issue as malicious applications have been discovered in the Arch User Repository (AUR) for the second time in just one week. This repository is a popular resource for users looking to install software not found in the official Arch repositories, making it a prime target for attackers. The presence of these harmful applications poses a risk to users who may inadvertently install them, potentially leading to data breaches or system compromise. It’s essential for users to be cautious and verify applications before installation. The Arch community is urged to report any suspicious packages and follow best practices for software installation to avoid falling victim to these threats.

Jun 17, 2026

Joomla, LiteSpeed Vulnerabilities Exploited in Attacks

SecurityWeek

Recent vulnerabilities found in Joomla and LiteSpeed have been exploited by attackers to execute arbitrary PHP code on shared hosting servers. This means that intruders can potentially gain root access, which allows them to take complete control of affected systems. Websites running Joomla or using LiteSpeed as their web server are particularly at risk. This situation highlights the pressing need for website administrators to ensure their systems are up-to-date and to implement necessary security measures. Failure to address these vulnerabilities could lead to significant data breaches and service disruptions for users.

Jun 17, 2026

Security Community Slams US Ban on Exporting Mythos, Fable

darkreading

A group of security experts has expressed strong opposition to the U.S. government's recent ban on exporting Anthropic's AI models, specifically Claude Fable 5 and Mythos 5. In an open letter, the experts argue that these export restrictions hinder progress in the field of artificial intelligence and could have negative implications for research and development. They believe that limiting access to these advanced models could stifle innovation and collaboration among researchers. This situation raises concerns about the balance between national security and the advancement of technology, as the ban could impact various sectors that rely on AI advancements. The experts are urging the government to reconsider these restrictions to foster a more open and collaborative environment in AI research.

Jun 16, 2026

Malicious JetBrains Marketplace plugins steal AI API keys from developers

BleepingComputer

Researchers have identified at least 15 malicious plugins on the JetBrains Marketplace that are specifically designed to steal AI API keys from developers. These plugins masquerade as legitimate tools, but once installed, they can access sensitive information, putting developers' projects and data at risk. This incident affects anyone using the JetBrains development environment who may unknowingly install these harmful plugins. The theft of API keys can lead to unauthorized access to AI services, potentially resulting in financial losses and compromised projects. Developers are urged to review their installed plugins and ensure they are from trusted sources to protect their work.

Jun 16, 2026