WeSearch

Official SAP NPM packages compromised to steal credentials

·3 min read · 0 reactions · 0 comments · 1 view
Official SAP NPM packages compromised to steal credentials

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal credentials and authentication tokens from developers' systems.

Original article
BleepingComputer
Read full at BleepingComputer →
Opening excerpt (first ~120 words) tap to expand

Official SAP npm packages compromised to steal credentials By Lawrence Abrams April 29, 2026 06:43 PM 0 Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal credentials and authentication tokens from developers' systems. Security researchers report that the compromise impacted four packages, with the versions now deprecated on NPM: @cap-js/sqlite – v2.2.2 @cap-js/postgres – v2.2.2 @cap-js/db-service – v2.10.1 mbt – v1.2.48 These packages support SAP's Cloud Application Programming Model (CAP) and Cloud MTA, which are commonly used in enterprise development.

Excerpt limited to ~120 words for fair-use compliance. The full article is at BleepingComputer.

Anonymous · no account needed
Share 𝕏 Facebook Reddit LinkedIn Threads WhatsApp Bluesky Mastodon Email

Discussion

0 comments

More from BleepingComputer

Neuro-Morph: Building a Living Defense System with Autonomous Moving Target Defense and MongoDB
DEV.to (Top)·2
Building a CDC Pipeline, Part 1: PostgreSQL WAL Internals
Substack·2
You probably dont want RLS
Planetscale·2
Prism: Demystifying Retention and Interaction in Mid-Training
arXiv.org·2
'Still nice to win it at 74' - O'Neill is Premiership manager of month
Yahoo Sports·1
Julian Edelman suing over claims he was exploited in Boston ad agency partnership worth $50 million
Yahoo Sports·1