Official SAP npm packages compromised to steal credentials (2026-04-29 22:43 UTC)
In brief: Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal credentials and authentication tokens from developers’ systems. […]
Popular WordPress redirect plugin hid dormant backdoor for years (2026-04-29 22:13 UTC)
In brief: The Quick Page/Post Redirect plugin, installed on more than 70,000 WordPress sites, had a backdoor added five years ago that allows injecting arbitrary code into users’ sites. […]
Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining (2026-04-29 20:50 UTC)
In brief: Hackers are exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptominers on developers’ servers. […]
In brief: Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm packages with credential-stealing malware. According to reports from Aikido Security, SafeDep, Socket, StepSecurity, and Goo…
New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs (2026-04-29 14:43 UTC)
In brief: Cybersecurity researchers have discovered malicious code in an npm package after a malicious package was added as a dependency to the project by Anthropic’s Claude Opus large language model (LLM). The package in question is “@validate-sdk/v2,” which …
Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks (2026-04-29 12:02 UTC)
In brief: In February 2026, researchers uncovered a shift that completely changed the game: threat actors are now using custom AI setups to automate attacks directly into the kill chain. We aren’t just talking about AI writing better phishing emails …