Product

@Cap-Js/Db-Service

2 briefs RSS

Compromised @cap-js Packages Lead to Credential Theft and Self-Propagation

Compromised versions of `@cap-js/sqlite@2.2.2`, `@cap-js/postgres@2.2.2`, and `@cap-js/db-service@2.10.1` were published, leading to credential harvesting and attempted self-propagation; upgrade immediately and rotate credentials.

@cap-js/sqlite +2 supply-chain credential-theft npm

2r 2t May 20, 2026

critical threat

Mini Shai-Hulud Supply Chain Attack Targets SAP NPM Packages

2 rules 1 TTP

The Mini Shai-Hulud campaign injected malicious code into SAP NPM packages, targeting credentials and cloud secrets related to SAP Cloud Application Programming (CAP) and SAP cloud deployment workflows, exfiltrating data through public GitHub repositories.

Cloud Application Programming +5 TeamPCP supply-chain npm sap credential-theft

2r 1t Apr 30, 2026