On April 29, 2026, a highly coordinated supply chain attack struck the SAP JavaScript and cloud development ecosystem. Threat actors compromised four official npm packages associated with the SAP Cloud Application Programming (CAP) and MTA Build Tool frameworks. The malicious packages identified as mbt, @cap-js/sqlite, @cap-js/postgres, and @cap-js/db-service were poisoned to deliver a massive credential-stealing […] The post Malicious SAP npm Packages Target GitHub, Cloud, and AI Coding Tokens appeared first on Cyber Security News.