https://cybercrime.club/tags/easy-day-js/Infrastructure security news for people who build infrastructure.Hugo -- gohugo.ioen-usWed, 17 Jun 2026 23:12:25 -0400https://cybercrime.club/posts/mastra-npm-easy-day-js-144-packages-scope-takeover/Wed, 17 Jun 2026 23:12:25 -0400https://cybercrime.club/posts/mastra-npm-easy-day-js-144-packages-scope-takeover/An attacker hijacked a former contributor's npm account to republish ~144 @mastra packages — including @mastra/core (918K weekly downloads) — each pulling in easy-day-js, a dayjs typosquat that drops a cross-platform crypto/infostealer at install time.supply-chain