SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.

Home » Security Bloggers Network » Shai-Hulud Strikes SAP: Supply Chain Worm Weaponized Claude Code to Compromise the CAP Framework The post Shai-Hulud Strikes SAP: Supply Chain Worm Weaponized Claude ...

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...

Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding ...

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.

Six teams exploited Claude Code, Copilot, Codex, and Vertex AI in nine months. Every attack hit runtime credentials that IAM ...

Attackers infected all versions with the same credential-stealing malware that, on Wednesday, poisoned multiple npm packages ...

Fake packages aim to steal data, credentials, and secrets, and to infect every package created using them, in what could be ...

Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. Claude Code is a terminal-based AI agent from ...

A compromised developer's repository serves as a worm-like infection vector to spread remote access Trojans (RATs) and other ...

A missed step in a manual deployment process exposed the internal workings of one of AI's hottest coding tools—and briefly handed the rest of the industry a detailed map of how Anthropic builds it.