TeamPCP exploited a permissive npm OIDC trust policy to poison SAP's mbt and @cap-js packages, exfiltrating cloud and developer secrets to victim-owned GitHub repos. Here's the full attack chain and how to detect it.
Axios npm package compromised: attackers hijacked the maintainer's account and injected a phantom dependency that dropped a cross-platform RAT. Here's the full attack chain.