DataBreachToday

Mastra AI Framework Poisoned in npm Supply-Chain Attack

The popular Mastra AI framework, used to build artificial intelligence agents, workflows and retrieval-augmented generation ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Tech Times

npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 Minutes

Mastra AI’s 144 JavaScript packages was executed in just 88 minutes by North Korea’s Sapphire Sleet hacking group, which ...
The Hacker News

145 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

Trump seeking edits to US-Iran deal, US media report

The requested changes are related to the Strait of Hormuz and the removal of highly enriched uranium, according to US media.

Iran deal ‘architect’ JD Vance risks the fury of GOP hawks

As news of a deal to end the Iran war broke on Sunday, Republican hawks could not believe their ears. After weeks of going to ...
Tech Times

npm v12 Security Overhaul Blocks Install Scripts by Default: July Deadline for CI Migration

July 2026, blocking install scripts, Git dependencies, and remote URL sources by default. Every team running npm install in ...

CrowdStrike 2026 Technology Threat Landscape Report: China Steals AI Capabilities It Can’t Build

CrowdStrike (NASDAQ: CRWD) today released the CrowdStrike 2026 Technology Threat Landscape Report, revealing that China-nexus adversaries are escalating espionage against technology organizations to ...

Israel and Hezbollah agree to ceasefire after fighting postpones U.S.-Iran talks

Iranian officials didn’t travel as planned to Switzerland, insisting that fighting in Lebanon must stop before talks can take place, officials say ...

US and Iran 'very close' to deal but 'not there yet', Vance says

US officials earlier told the BBC that the framework of a ceasefire extension deal had been agreed, pending the approval of Trump and Iran's leadership.
InfoQ

Ky 2.0 Fetch API Wrapper with Revamped Hooks, Smarter Timeouts, and Built-In Schema Validation

Ky 2.0 is an open-source JavaScript HTTP client built on the Fetch API, featuring significant updates such as consolidated ...