The Hacker News

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.
The Hacker News

Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

Gemini CLI CVSS 10.0 flaw in versions below 0.39.1 enabled RCE in CI workflows, forcing Google to mandate explicit workspace ...

Official SAP npm packages compromised to steal credentials

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...
Infosecurity Magazine

Cursor Extension Flaw Exposes Developer API Keys

Cursor flaw lets extensions steal API keys and session tokens without user interaction, according to researchers at LayerX ...
CSO Online

SAP npm package attack highlights risks in developer tools and CI/CD pipelines

Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding ...
Hosted on MSN

Cursor vulnerability raises risks for API key security

A severe vulnerability in the AI-powered development tool Cursor allows installed extensions to access locally stored API keys and session tokens without user action, according to LayerX researchers.
Hosted on MSN

Master Python data analysis like a pro

Python has become the go-to tool for turning raw information into actionable insights, thanks to its rich ecosystem of libraries like Pandas, NumPy, and Matplotlib. From cleaning messy datasets to ...