GovInfoSecurity

Mastra AI Framework Poisoned in npm Supply-Chain Attack

The popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation ...
techtimes

SVG Phishing Emails Bypass Email Security: SANS Flags New MIME-Type Evasion

A fresh wave of phishing emails is exploiting a blind spot in enterprise email security tools — one that most organizations have not closed — by disguising executable JavaScript inside SVG image files ...
The Hacker News

144 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

AI is code – and can't be prompted into being smarter

Usage with any "AI" agent is strongly discouraged. Jqwik's log output may confuse the agent. Naturally, this sort of ...
Tech Times

Red Hat npm Packages Compromised, 57 More Follow: Signed Attestations Cannot Block Pipeline Hijack

Miasma compromised 32 Red Hat packages June 1 via a hijacked CI/CD pipeline producing valid SLSA attestations, then hit 57 more June 3 using Phantom Gyp to evade install monitors. Red Hat confirmed no ...
Redmondmag.com

Supply Chain Attack Hits Microsoft GitHub Repos, AI Coding Tools

GitHub disabled 73 Microsoft repositories on June 5 after a malicious commit landed in an Azure project, in what researchers described as a supply chain attack aimed at developer workstations and AI ...
Microsoft

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The ...
Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Microsoft has identified an active supply chain attack targeting the @antv node package manager (npm) package ecosystem. A threat actor compromised an @antv maintainer account and published malicious ...
The Hacker News

Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT

Cybersecurity researchers have disclosed details of a spear-phishing campaign likely undertaken by the Pakistan-aligned SideCopy group targeting Afghanistan's Ministry of Finance with an open-source ...
Bitdefender

Microsoft’s MSHTA Legacy Tool Still Powers Malware Campaigns on Windows

Bitdefender security researchers have discovered that attackers continue to exploit Microsoft HTML Application Host (MSHTA), a legacy utility available by default on Windows systems that can execute ...
SecurityWeek

Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global Attacks

Google and iVerify analysis reveals a powerful exploit kit originally used by Russian state actors that is now appearing in broader criminal campaigns. Multiple iOS exploits and five exploit chains ...
Ventureburn

Socket Raises $60M to Strengthen AI Security

Socket raised $60 million in a Series C round led by Thrive Capital, pushing its valuation to $1 billion and total funding to $125 million. The funding addresses a sharp rise in open-source software ...