Home / Cybersecurity / Microsoft Attributes Mastra AI Supply Chain Attack to North Korea
Microsoft Attributes Mastra AI Supply Chain Attack to North Korea
infosecurity-magazine.com Jun 22, 2026

Microsoft Attributes Mastra AI Supply Chain Attack to North Korea

Curated by · TechCapsules ·

AI-summarised brief · reviewed before publication

Microsoft has attributed a supply chain attack targeting the open-source Mastra AI framework to North Korean hackers, specifically the Sapphire Sleet group. The attack, which compromised over 140 packages on the npm registry, involved the takeover of a maintainer account and the publication of poisoned code with a malicious dependency. The malware, which could be deployed on Windows, MacOS, and Linux systems, was designed to steal cryptocurrency from wallets and gather sensitive information from infected machines.

💡 Why It Matters

  • · The attack highlights the vulnerability of open-source software supply chains to nation-state actors, who can exploit them to gain access to sensitive information and disrupt critical infrastructure.
  • · The use of social engineering tactics, such as LinkedIn attacks, to compromise privileged accounts underscores the need for robust security measures to protect against these types of threats.
Capsules Cybersecurity Microsoft
Read full article on infosecurity-magazine.com
More in Cybersecurity →
Is the government listening to you through your phone? Here’s what a former CIA officer says
androidcentral.com · Jun 22

Is the government listening to you through your phone? Here’s what a…

A former CIA officer, Jason Hanson, has claimed that every government agency on Earth has the capability to access devices such as smartphones, laptops, and cameras if they choose to. Hanson, who worked for the CIA for seven years, stated that it doesn't matter what device you own or how private you believe it is. He emphasized that the capability exists, not that constant surveillance is taking place, and that agencies can potentially monitor or surveil a target if they choose to. Hanson also warned about the risks of public Wi-Fi networks, recommending the use of a VPN to protect data and communications.

💡 The revelation highlights the pervasive nature of surveillance capabilities, challenging the notion of personal privacy in the digital age. The existence of such capabilities raises questions about the balance between national security and individual rights, and underscores the need for greater awareness and precautions when using digital devices.

Klue hack results in data breach at several cybersecurity firms
techcrunch.com · Jun 22

Klue hack results in data breach at several cybersecurity firms

A hacking group, Icarus, has taken credit for a data breach at market intelligence provider Klue, which allowed hackers to steal data from several of the company's corporate customers, including prominent cybersecurity firms. The breach occurred after hackers gained access to Klue's systems using a compromised legacy credential on June 12. Several companies have confirmed they had data stolen, including Gong, Jamf, and Snyk. Klue has disconnected its integrations to prevent further access to customers' data and has called in incident response firm CrowdStrike.

💡 The breach highlights the vulnerability of companies that hold the keys to other companies' cloud databases, making them a prime target for hackers. By breaching firms like Klue, hackers can steal data from a large number of organizations at once, demonstrating the need for robust cybersecurity measures in the industry.

Your Mac isn’t immune to viruses & surveillance tools, Intego One is here to help
appleinsider.com · Jun 22

Your Mac isn’t immune to viruses & surveillance tools, Intego One is…

Intego One is a comprehensive security tool for Macs, combining antivirus, firewall, Mac cleaner, and VPN functions into one interface. It offers real-time protection against viruses, malware, and spyware, and is compatible with macOS 12 and above. The tool is available in three tiers, with the Essential Tier including antivirus and firewall, the Advanced Tier adding SmartClean for clutter removal, and the Complete Tier including a VPN for encrypted internet traffic. Intego One is currently available at 50% off, making it an attractive option for Mac users seeking dedicated security tools. Its robust features and scalability make it an excellent choice for protecting Macs from evolving threats.

💡 Intego One fills a critical gap in Mac security by providing a dedicated tool to supplement Apple's built-in protections. Having a VPN is now essential for secure browsing, and Intego One's inclusion of this feature sets it apart from other antivirus solutions.

Hackers send fake alien invasion alerts to millions of Brazilians overnight
dexerto.com · Jun 22

Hackers send fake alien invasion alerts to millions of Brazilians overnight

Hackers breached Brazil's national emergency alert system overnight on June 19 and 20, sending fake notifications to residents across at least seven cities. The unauthorized messages, which included warnings of an imminent alien attack, triggered the official extreme alert sound on mobile phones nationwide, causing widespread confusion. The system was taken offline at 1:30 am on Saturday. Brazil's National Civil Protection agency confirmed the messages were sent by an unauthorized third party and handed the case to the Federal Police for investigation.

💡 The breach highlights Brazil's vulnerability to cyber threats, particularly in critical infrastructure. The incident also underscores the need for robust security measures to prevent unauthorized access to sensitive systems, especially those responsible for public safety.

5 Everyday Tech That Can Track Your Activity
slashgear.com · Jun 22

5 Everyday Tech That Can Track Your Activity

Modern society is filled with tracking devices, from websites and apps to everyday tech devices. Many electronic devices connected to the internet track user activity to help manufacturers fix bugs and optimize performance. Five everyday tech devices may be tracking user activity, often without users realizing it. Tracking can be benign, but it can also be a privacy invasion. Devices such as smart home appliances and wearables may be monitoring user behavior. The widespread use of tracking devices raises concerns about privacy and data collection. Users may not be aware of the extent to which their activities are being tracked.

💡 Privacy invasion can lead to targeted advertising and data breaches. Unregulated tracking can erode trust in technology companies.

Google, FBI target Chinese scammers using Gemini AI for fake sites
bangkokpost.com · Jun 21

Google, FBI target Chinese scammers using Gemini AI for fake sites

Google has partnered with the FBI to dismantle a Chinese cybercrime syndicate known as "Outsider Enterprise" that used Google's Gemini AI to create fraudulent websites. The scam involved replicating official Google and YouTube interfaces to deceive users, generating nearly 9,000 lookalike websites and over 1 million URLs. The syndicate also targeted Android users with a massive SMS phishing blitz, sending 2.5 million text messages with links to malicious sites. Google has filed a lawsuit against the gang, and major US telecommunications carriers have coordinated with Google to request FBI assistance. The operation has raised concerns over AI tools being exploited for phishing and online fraud.

💡 The case highlights the darker side of generative AI, where advanced tools can be used to accelerate phishing and online fraud on a massive scale. It also underscores the need for tech giants to safeguard their AI technologies from being misused by cybercriminals.