New Blog: Mastra npm Scope Takeover: 141 Packages Drop a RAT
Edit Calendar Icon 17 Jun 2026
SafeDep Logo
url

https://stitch-production.org/api/v1

discovered 2026-06-19

C2 endpoint. Credential exfiltration via GET query parameters: ?src=<source>&user=<email>. Fallback beacon: ?email-not-found=true

Linked packages