【漏洞通告】Splunk Enterprise 预认证远程代码执行漏洞(CVE-2026-20253)
2026年6月16日,深瞳漏洞实验室监测到一则Splunk Enterprise组件存在代码执行漏洞的信息,漏洞编号:CVE-2026-20253,漏洞威胁等级:高危。
A sophisticated supply chain attack has targeted the Mastra-AI npm ecosystem, with researchers from Microsoft and Socket identifying over 141 compromised packages designed to silently deploy an infostealer payload on developer machines, CI/CD runners, and build environments. The campaign, detected on June 17, 2026, exploited a typosquatting dependency to deliver multi-stage malware capable of stealing […]
The post Hackers Compromised 140+ Mastra npm Packages to Deploy Password-Stealing Malware appeared first on Cyber Security News.