SlowMist
SlowMist|6月 17, 2026 10:58
🚨 SlowMist TI Alert 🚨 A coordinated npm supply chain attack affecting 140+ @mastra/* packages. The affected packages added a dependency on easy-day-js@^1.11.21, which can be automatically resolved during installation to the malicious version easy-day-js@1.11.22, triggering attacker-controlled code through an install-time hook. Potential attacker actions include install-time code execution, persistence on Windows/macOS/Linux, browser history collection, cryptocurrency wallet extension inventory, credential or CI secret exposure through follow-on tasking, and data exfiltration. Treat any system that installed affected @mastra/* versions as potentially compromised: remove malicious versions and easy-day-js, delete node_modules and package caches, reinstall known-clean versions with verified lockfiles, isolate impacted hosts, preserve logs, remove persistence artifacts, and rotate npm, GitHub, cloud, SSH/Git, CI/CD, and wallet-related credentials where exposure is possible. As always, stay vigilant! https://enterprise.misteye.io/threat-intelligence/SM-2026-286130(SlowMist)
Share To

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads