4 min read
News Brief Microsoft attributes the Mastra AI npm supply chain attack to Sapphire Sleet, a North Korean state actor: 144 packages backdoored via a hijacked contributor account, targeting LLM API keys, cloud credentials, and cryptocurrency wallets.