Four npm packages linked to SAP's Cloud Application Programming Model were hijacked. The hackers added code that steals ...

Attackers infected all versions with the same credential-stealing malware that, on Wednesday, poisoned multiple npm packages ...

Four SAP NPM packages compromised in the Mini Shai-Hulud supply chain attack trigger a Bun runtime to install an information ...

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...

In the first five months of 2026, security researchers have flagged more malicious packages on the npm registry than in all ...

SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.

Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding ...

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.

Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as ...

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

Bitwarden has confirmed a serious security incident in which a compromised product was made public. Here's why most users ...

Malicious npm packages have been identified distributing malware that steals credentials and attempts to spread across ...