TGTGInsighttelegram intelligenceLIVE / telegram public index
← The Hacker News
View original
The Hacker News avatar

TGINSIGHT POST

Post #8901

@thehackernews

The Hacker News

Views9,370Post view count
PostedApr 2904/29/2026, 04:32 PM
Post content

Post content

⚠️ ALERT — SAP related npm packages were just found shipping credential-stealing malware. A preinstall script runs on install, steals tokens, and injects GitHub Actions to self-propagate, exfiltrating encrypted secrets via victim-owned repos. 🔗 Read → https://thehackernews.com/2026/04/sap-npm-packages-compromised-by-mini.html