Mastra Got Hacked. Here's What We Learned
Mastra got hacked. In this special edition of Security Corner, Shane Thomas and Abhi Aiyer break down exactly what happened when a supply chain attack hit Mastra's npm packages — an attack that appears to trace back to hackers in North Korea. They're joined by Ismail Pelaseyed, co-founder and CTO of Superagent, for the outside view on how these campaigns actually work.
Guests in this episode

Ismail Pelaseyed
Superagent
Episode Transcript
Intro: a special Security Corner
The supply chain attack on Mastra
How they got in: a fake Teams call
The npm account takeover
EasyDjS and the scramble to fix it
Why success makes you a target
How AI supercharges phishing
Hardening against compromised contributors
Open source under strain: IBM's $5B bet
npm and PyPI keep dropping the ball
Inside the fake package, and how Socket caught it
The fear-selling problem in security
Superagent!