Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding ...

Attackers infected all versions with the same credential-stealing malware that, on Wednesday, poisoned multiple npm packages ...

Four SAP NPM packages compromised in the Mini Shai-Hulud supply chain attack trigger a Bun runtime to install an information ...

Over 1,800 developers were affected by the Mini Shai-Hulud supply chain attack that hit the PyPi, NPM, and PHP ecosystems ...

Multiple SAP npm packages were compromised in a supply chain attack designed to steal developer credentials and tokens.

A threat group planted a malicious npm package in a crypto trading project through an AI-generated commit by Anthropic's ...

SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.

Several npm packages for SAP's cloud application development ecosystem have been compromised as TeamPCP's supply chain ...

Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as ...

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...