Description

Mastra Package Compromise: Threat actors hijacked the entire Mastra npm organization (116 packages) after a maintainer was targeted with a ClickFix-style attack that stole his credentials. Rather than injecting malware directly into Mastra packages, attackers pre-staged a typosquatted package called 'easy-day-js' and added it as a dependency across the org. The malware differs from the structurally similar Axios attack in one notable way: it targets browser extensions, including password managers (LastPass, Bitwarden, Dashlane, 1Password) and MFA tools, with Zapier among the more unusual targets.
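The dependency pre-staging described above leaves a detectable footprint: the same previously unseen package shows up as a new dependency across many packages of one scope in a single release wave. The following added example (not code from the podcast or from the Mastra project) diffs two constructed package.json snapshots for a hypothetical "@acme" scope and flags dependencies newly added to several packages at once.

```python
# Added example: flag a dependency that appears, newly, across many packages of
# one npm scope between two snapshots. The "@acme" scope, package names and
# version strings below are constructed sample data, not real manifests.
from collections import defaultdict

BEFORE = {
    "@acme/core":   {"dependencies": {"zod": "^3.22.0"}},
    "@acme/rag":    {"dependencies": {"zod": "^3.22.0", "@acme/core": "^1.0.0"}},
    "@acme/memory": {"dependencies": {"@acme/core": "^1.0.0"}},
    "@acme/cli":    {"dependencies": {"commander": "^12.0.0"}},
}
AFTER = {
    "@acme/core":   {"dependencies": {"zod": "^3.22.0", "easy-day-js": "^1.0.3"}},
    "@acme/rag":    {"dependencies": {"zod": "^3.22.0", "@acme/core": "^1.0.1",
                                      "easy-day-js": "^1.0.3"}},
    "@acme/memory": {"dependencies": {"@acme/core": "^1.0.1", "easy-day-js": "^1.0.3"}},
    "@acme/cli":    {"dependencies": {"commander": "^12.0.0", "chalk": "^5.3.0"}},
}


def new_deps_per_package(before, after):
    """Return {package: set of dependency names added between the snapshots}."""
    added = {}
    for name, manifest in after.items():
        old = set(before.get(name, {}).get("dependencies", {}))
        new = set(manifest.get("dependencies", {}))
        if new - old:
            added[name] = new - old
    return added


def suspicious_shared_additions(before, after, scope, min_packages=3):
    """External dependencies newly added to >= min_packages packages of the scope.

    Intra-scope additions (e.g. "@acme/core") are expected during normal
    refactors and are ignored; a single external package landing in many
    manifests in one release is the pattern worth a human review.
    """
    seen_in = defaultdict(set)
    for pkg, deps in new_deps_per_package(before, after).items():
        for dep in deps:
            if not dep.startswith(scope + "/"):
                seen_in[dep].add(pkg)
    return {dep: sorted(pkgs) for dep, pkgs in seen_in.items()
            if len(pkgs) >= min_packages}


if __name__ == "__main__":
    for dep, pkgs in suspicious_shared_additions(BEFORE, AFTER, "@acme").items():
        print(f"REVIEW: {dep} newly added to {len(pkgs)} packages: {', '.join(pkgs)}")
```

In practice the snapshots would come from the registry's manifests or your lockfile history rather than inline dicts, and a hit should be cross-checked against the dependency's publish date and maintainer before the release is trusted.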

Agent Jacking and MCP Server Security: A Cloud Security Alliance paper describes a concept it calls "agentjacking": attackers inject malicious instructions into Sentry error events, and AI coding agents then retrieve those events via MCP and execute the instructions with the developer's own elevated permissions. The pattern isn't new: turning an agent's privileged access against its owner was a core mechanic of the 2025 S1ngularity attack. What the paper describes is sophisticated prompt injection through an MCP server that fails to sanitize third-party data before passing it to the agent. Its conclusion that EDR can't catch this misses the point: EDR can't catch most open source malware, because the traffic and signals are indistinguishable from normal software development activity.

Malware Myths: We bust four myths making the rounds in the AppSec community. First, that open source malware only lives two to three days: typosquatting and dependency confusion packages routinely survive for weeks or months, and NPM's inconsistent takedown practices make it worse. Second, that npm install scripts are going away: they're not; they are becoming opt-in by default. Third, that package firewalls and cooldowns will eliminate 99% of risk: they won't, for the same reason the lifespan myth is wrong. Fourth, that threat actor attribution doesn't matter: it does, because knowing who compromised you tells you what persistence mechanisms and next steps to look for during incident response.