Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

IntroductionOn May 14, 2026, the Zscaler ThreatLabz team identified unusually high activity associated with the threat actor SmartApeSG to deploy malware. During our examination, we discovered ...

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...

Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...

We independently review everything we recommend. When you buy through our links, we may earn a commission. Learn more› By Rachel Wharton Rachel Wharton is a writer covering kitchen appliances. She ...

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

Still looking? See more results on Wirecutter. We independently review everything we recommend. When you buy through our links, we may earn a commission. Learn more› By Caroline Mullen Caroline Mullen ...

Azure Functions shipped a serverless agents runtime in public preview at Build 2026. Agents are defined in .agent.md markdown ...

Rubrik (NYSE: RBRK) today introduced two new Identity Resilience capabilities to expand its product suite. The first, ...

A company rolls out an AI customer service assistant. The model behind it is current and capable enough for the job. The assistant goes live. Within a week, support tickets are getting worse, not ...