Four SAP NPM packages have been injected with malicious code as part of a new supply chain attack, security researchers warn. The campaign, referred to as Mini Shai-Hulud, is targeting packages linked to the SAP Cloud Application Programming (CAP) ecosystem… Read More "SAP NPM Packages Targeted in Supply Chain Attack"
Checkmarx on Tuesday confirmed that last month’s supply chain attack targeting its KICS open source project also resulted in data theft. The compromise was a result of the Trivy supply chain attack and allowed the attackers to hijack dozens of… Read More "Checkmarx Confirms Data Stolen in Supply Chain Attack"
The Bitwarden command-line interface (CLI) NPM package was compromised in a supply chain attack that appears tied to previous campaigns against the open source software (OSS) ecosystem. One of the most popular open source password management platforms, with over 250,000… Read More "Bitwarden NPM Package Hit in Supply Chain Attack"
