11:16
2026-06-17
byteiota.com
ai-agents
144 Mastra npm Packages Backdoored: What to Check Right Now
An attacker hijacked a dormant contributor account and published malicious versions of 144 packages under the @mastra npm scope between 01:15 and 02:36 UTC, targeting the TypeScript AI agent frameworkβ¦