Attackers are exploiting CVE-2026-4020 in Gravity SMTP to leak API keys, OAuth tokens, and system data from WordPress sites.
From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet
A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results