Official SAP npm packages compromised to steal credentials

Published on April 29, 2026

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal credentials and authentication tokens from developers' systems. [...]

Continue reading on website
Other news

Popular WordPress redirect plugin hid dormant backdoor for years

April 29, 2026
The Quick Page/Post Redirect plugin, installed on more than 70,000 WordPress sites, had a backdoor added five years ago that allows injecting arbitrary code into users' sites. [...]

Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

April 30, 2026
Google has addressed a maximum severity security flaw in Gemini CLI -- the "@google/gemini-cli" npm package and the "google-github-actions/run-gemini-cli" GitHub Actions workflow -- that could have allowed attackers to execute arbitrary commands on host systems."The vulnerability allowed an unprivileged external attacker to force their own malicious content to load as Gemini configuration,"