- When
- Where: Location unknown
- Category: cyber · supply_chain_attack
Microsoft has identified a supply chain attack on the Mastra-AI npm ecosystem, with 80+ packages compromised via npm account takeover. The attacker introduced a phantom dependency into the compromised packages. The malicious dependency was published by a single anonymous maintainer less than 24 hours ago.
Sources
- Bluesky · first seen 2026-06-17 04:05 UTC