Attackers infected all versions with the same credential-stealing malware that, on Wednesday, poisoned multiple npm packages ...
The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases. A series of malicious packages in the Node.js package manager (npm) code ...
A hacker has gained access to a developer's npm account and injected malicious code into a popular JavaScript library, code that was designed to steal the npm credentials of users who utilize the ...
Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding ...
SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.
Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...
A novel timing attack has emerged for targeting private corporate software packages hosted in the npm code repository. The goal is to uncover the legitimate offerings and then create malicious public ...
The security team behind the "npm" repository for JavaScript libraries removed two npm packages this Monday for containing malicious code that installed a remote access trojan (RAT) on the computers ...
Home » Security Bloggers Network » Shai-Hulud Strikes SAP: Supply Chain Worm Weaponized Claude Code to Compromise the CAP Framework The post Shai-Hulud Strikes SAP: Supply Chain Worm Weaponized Claude ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results