North Korean Hackers Compromise 140+ npm Packages Targeting AI Developers
On June 17, 2026, Microsoft attributed a supply chain attack on over 140 @mastra npm packages to North Korean state actor Sapphire Sleet. The malicious postinstall scripts exfiltrated AI API keys, cloud credentials, and CI/CD tokens from developer machines within seconds. Affected developers who ran npm install between June 14 and June 17 must rotate all credentials immediately.
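To see whether a project pulled in anything from the affected scope, the following added example (not code from Microsoft or the linked reporting) walks a package-lock.json in lockfileVersion 2 or 3 format and lists every @mastra package, putting those that npm marks with `hasInstallScript` first. The sample lockfile, package names and versions are constructed placeholders, and the function names are hypothetical.

```javascript
// Added example: list packages from a watched scope in a parsed package-lock.json
// and flag the ones that run lifecycle scripts at install time.
const WATCHED_SCOPE = "@mastra"; // scope named in the article

// Constructed sample lockfile; names and versions are placeholders, not real IoCs.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@mastra/example-a": { version: "0.0.0-placeholder", hasInstallScript: true },
    "node_modules/@mastra/example-b": { version: "0.0.0-placeholder" },
    "node_modules/left/node_modules/@mastra/example-a": { version: "0.0.0-placeholder", hasInstallScript: true },
    "node_modules/@mastraish/lookalike": { version: "1.2.3", hasInstallScript: true },
    "node_modules/express": { version: "4.0.0" },
  },
};

function packageNameFromPath(lockPath) {
  // Nested installs look like "node_modules/a/node_modules/@scope/pkg";
  // the package name is whatever follows the last "node_modules/".
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

function auditLockfile(lock, scope = WATCHED_SCOPE) {
  if (!lock || typeof lock.packages !== "object" || lock.packages === null) {
    throw new Error("expected a lockfileVersion 2 or 3 lockfile with a 'packages' map");
  }
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    const name = packageNameFromPath(path);
    // Require the exact scope plus "/", so "@mastraish/x" is not a hit.
    if (!name || !name.startsWith(scope + "/")) continue;
    findings.push({
      name,
      version: meta.version ?? "unknown",
      path,
      runsInstallScript: meta.hasInstallScript === true,
    });
  }
  // Packages that execute code at install time are listed first.
  return findings.sort((a, b) =>
    Number(b.runsInstallScript) - Number(a.runsInstallScript) || a.path.localeCompare(b.path));
}

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.runsInstallScript ? "INSTALL-SCRIPT" : "no-script"} ${f.name}@${f.version} (${f.path})`);
}
```

A hit with an install script only shows that package code ran during npm install; it does not identify a compromised version, since this page lists none.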
Meridian48 take
This attack signals a strategic shift: nation-states now view AI developer tooling as the highest-value credential target, far beyond traditional corporate workstations.
Read the full reporting
Nation-State Actors Are Now Targeting Your AI Agent's npm Packages →
DEV Community
supply-chain-attack, npm