Attackers publish malicious npm packages that steal developer credentials and tokens
Updated · InfoWorld · Apr 30
Researchers said SAP ecosystem packages including mbt and three @cap-js modules were poisoned on 29 April before safe releases replaced them.
The malware harvested GitHub, npm, cloud and Kubernetes credentials, exfiltrated them via victims' GitHub accounts, and used stolen tokens to add malicious GitHub Actions workflows and publish more poisoned packages.
Researchers said the campaign abused gaps in npm's OIDC trusted publishing and a static npm token, and persisted through Visual Studio Code and Claude Code files, underscoring the risks in developer workstations and AI-assisted coding tools.
As AI assistants integrate into our codebases, are they the next major frontier for supply chain attacks?
When developer tools become the weapon, how can security keep pace without crippling the speed of innovation?