Home » Security Bloggers Network » Shai-Hulud Strikes SAP: Supply Chain Worm Weaponized Claude Code to Compromise the CAP Framework The post Shai-Hulud Strikes SAP: Supply Chain Worm Weaponized Claude ...

Gemini CLI CVSS 10.0 flaw in versions below 0.39.1 enabled RCE in CI workflows, forcing Google to mandate explicit workspace ...

SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.

With this app, you can reveal hidden files in Finder, clear logs and caches eating your space, batch convert images, and more ...

Five years of chaos—finally sorted.

Four SAP NPM packages compromised in the Mini Shai-Hulud supply chain attack trigger a Bun runtime to install an information ...

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...

Several npm packages for SAP's cloud application development ecosystem have been compromised as TeamPCP's supply chain ...

Cursor flaw lets extensions steal API keys and session tokens without user interaction, according to researchers at LayerX ...

Just two days after GitHub announced usage-based billing for Copilot, Microsoft shipped VS Code 1.118 -- under its new weekly release cadence -- with significant token efficiency improvements designed ...

Researchers say the campaign targeted developer credentials and cloud secrets while abusing trusted publishing and AI coding ...

Visual Studio 2026 has further integrated GitHub Copilot's cloud agent to its Copilot Chat picker -- catching up to VS Code -- and the async workflow it enables, where a task runs on GitHub Actions ...