Microsoft

Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access

Microsoft Threat Intelligence identified an active multi-stage intrusion campaign targeting hospitality organizations in ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Stealthy Mistic backdoor linked to ransomware access broker KongTuke

A new backdoor dubbed Mistic has been observed in financially motivated attacks targeting organizations in the insurance, ...
Tech Times

npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 Minutes

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
The Hacker News

145 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.
GitHub

Getting Started in Node.js

Find out how you can get started in Node.js and where you can find answers to questions of any kind. Whether you're new to programming, new to JavaScript, moving to Node.js from another language, or ...
GitHub

Adyen API library for Node.js

Configuration API v2 The Configuration API enables you to create a platform where you can onboard your users as account holders and create balance accounts, cards, and business accounts.
SecurityWeek

North Korean Hackers Blamed for Mastra NPM Supply Chain Attack

A malicious dependency the attackers added to over 140 Mastra packages fetches a payload targeting cryptocurrency extensions. The North Korean state-sponsored threat actor Sapphire Sleet is behind the ...