Mend.io Blog

Mastra npm scope takeover: 140+ packages compromised via easy-day-js dropper

Alina Podoba Jun 17, 2026

Mastra npm Scope Takeover: 140+ Packages Compromised via easy-day-js Dropper

Filter & Search

Mastra npm scope takeover: 140+ packages compromised via easy-day-js dropper - @mastra

Mastra npm Scope Takeover: 140+ Packages Compromised via easy-day-js Dropper

Alina Podoba Jun 17, 2026

Malicious Packages

@Mastra npm: 140+ Packages Compromised

Mastra npm scope takeover: 140+ packages compromised via easy-day-js dropper - featured image the verification layer cannot be the model 1000x650

Why AI Can’t Verify Its Own Code and What That Means for Enterprise AppSec

Asaf Saar Jun 16, 2026

AI Models Risk

AI-generated code security needs an independent verification layer.

Mastra npm scope takeover: 140+ packages compromised via easy-day-js dropper - blog best software composition analysis services

Best Software Composition Analysis Services: Top 8 in 2026

Shannon Davis Jun 9, 2026

Software Composition Analysis

Compare the top 8 software composition analysis services of 2026.

Mastra npm scope takeover: 140+ packages compromised via easy-day-js dropper - shai hulud miasma

Miasma: Red Hat Cloud Services npm Packages Hit by a Mini Shai-Hulud-Style Campaign

Alina Podoba Jun 1, 2026

Malicious Packages

npm packages in @redhat-cloud-services drop a multi-stage cloud credential stealer.

Mastra npm scope takeover: 140+ packages compromised via easy-day-js dropper - owasp top 10 llm application vulnerabilities

OWASP Top 10 for LLM Applications: Risks, Impact, and Mitigation

Tiffany Jennings May 28, 2026

AI Models Risk

The OWASP Top 10 for LLM applications, explained risk by risk.

Mastra npm scope takeover: 140+ packages compromised via easy-day-js dropper - blog cover top 8 ast providers post

Best Application Security Testing Providers: Top 8 in 2026

Tiffany Jennings May 26, 2026

Application Security Testing

The top 8 application security testing providers to know in 2026.

Mastra npm scope takeover: 140+ packages compromised via easy-day-js dropper - blog cover threat news

Laravel-Lang Composer tag-rewrite Supply Chain Attack

Alina Podoba May 22, 2026

Malicious Packages

Four Laravel-Lang Composer packages were poisoned via tag rewrite.

Mastra npm scope takeover: 140+ packages compromised via easy-day-js dropper - featured image the eu cyber resilience act 1000x650

The EU Cyber Resilience Act: A Complete Compliance Guide for 2026 and Beyond

Tiffany Jennings May 21, 2026

Application Security

Everything companies need to know about EU CRA compliance before 2027.

Mastra npm scope takeover: 140+ packages compromised via easy-day-js dropper - mini shai hulud is back 1

Mini Shai-Hulud Hits @antv: 323 npm Packages Compromised Through the atool Maintainer Account

Alina Podoba May 19, 2026

Malicious Packages

Mini Shai-Hulud strikes again: 323 npm packages compromised via @antv's atool.

Mastra npm scope takeover: 140+ packages compromised via easy-day-js dropper - mend securing rubygems

Inside the RubyGems Supply Chain Attack: How Mend Defender Caught a Coordinated Flood Before It Spread

Maciej Mensfeld May 14, 2026

Malicious Packages

How Mend.io caught a coordinated RubyGems attack and what it teaches us.

Mastra npm scope takeover: 140+ packages compromised via easy-day-js dropper - mini shai hulud is back

Mini Shai-Hulud Is Back: 172 npm and PyPI Packages Compromised in Latest Wave

Tom Abai May 12, 2026

Malicious Packages

Shai-Hulud's largest wave: 172 npm and PyPI packages compromised in 48 hours.

Mastra npm scope takeover: 140+ packages compromised via easy-day-js dropper - featured image mend github 1000x650

Mend.io and GitHub Partner to Bring Mend Renovate Cloud to Open Source Maintainers

Jamie Tanna May 7, 2026

Dependency Updates

Mend.io expands Renovate Cloud's OSS plan for GitHub Maintainer Month 2026.

Mastra npm scope takeover: 140+ packages compromised via easy-day-js dropper - crn women channel 1000x650 1

Mend.io’s Stephanie Broyles Named to CRN’s 2026 Women of the Channel List

Azi Cohen May 6, 2026

Community

Mend.io CMO Stephanie Broyles named to CRN's 2026 Women of the Channel list.

Mastra npm scope takeover: 140+ packages compromised via easy-day-js dropper - blog best sast solutions

Best SAST Solutions: How to Choose Between the Top 12 Tools in 2026

Tiffany Jennings May 5, 2026

SAST

Compare 12 top SAST tools of 2026 and find the right fit for your team.

Mastra npm scope takeover: 140+ packages compromised via easy-day-js dropper - npm supply chain attack

PhantomRaven Wave 5: New Undocumented NPM Supply Chain Campaign Targets DeFi, Cloud, and AI Developers

Tom Abai May 3, 2026

Malicious Packages

33 malicious NPM packages target DeFi, cloud, and AI developer credentials.

Mastra npm scope takeover: 140+ packages compromised via easy-day-js dropper - blog cover linux kernel lpe

CVE-2026-31431 (Copy Fail): Linux Kernel LPE

Dor Hayun Apr 30, 2026

Malicious Packages

New Linux 'copy_fail' LPE gives root on all major distros. Mitigate before patching.

1 2 3 4 ... 37