SAP npm Packages Compromised in Supply Chain Attack Targeting Developer Secrets

Several SAP-related npm packages were compromised in a supply chain attack designed to steal developer credentials, cloud secrets, and CI/CD tokens. The malicious versions affected packages used in SAP Cloud Application Programming Model and Cloud MTA build workflows. Researchers identified four affected versions: @cap-js/sqlite 2.2.2, @cap-js/postgres 2.2.2, @cap-js/db-service 2.10.1, and mbt 1.2.48. Developers and security […] The post SAP npm Packages Compromised in Supply Chain Attack Targeting Developer Secrets appeared first on VPN Central.