Briefing financecritical-infrastructure
Sapphire Sleet Compromises 144 Mastra AI npm Packages in 88-Minute Operation
North Korean state actor Sapphire Sleet hijacked a contributor account to the Mastra AI framework and injected credential-stealing malware into 144 npm packages in under 90 minutes, targeting LLM API keys, cryptocurrency wallets, and cloud credentials across the AI developer ecosystem.