Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...

Attackers infected all versions with the same credential-stealing malware that, on Wednesday, poisoned multiple npm packages ...

I used vibe coding to take control of my subscriptions.

With this app, you can reveal hidden files in Finder, clear logs and caches eating your space, batch convert images, and more ...

Most people install an app, grant it a few permissions, and never give its security another thought. But behind the… | ...

Several npm packages for SAP's cloud application development ecosystem have been compromised as TeamPCP's supply chain ...

SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.

Gemini CLI CVSS 10.0 flaw in versions below 0.39.1 enabled RCE in CI workflows, forcing Google to mandate explicit workspace ...

Four SAP NPM packages compromised in the Mini Shai-Hulud supply chain attack trigger a Bun runtime to install an information ...

Cursor flaw lets extensions steal API keys and session tokens without user interaction, according to researchers at LayerX ...

Multiple SAP npm packages were compromised in a supply chain attack designed to steal developer credentials and tokens.

Home » Security Bloggers Network » Shai-Hulud Strikes SAP: Supply Chain Worm Weaponized Claude Code to Compromise the CAP Framework The post Shai-Hulud Strikes SAP: Supply Chain Worm Weaponized Claude ...