SecurityWeek

SAP NPM Packages Targeted in Supply Chain Attack

Four SAP NPM packages compromised in the Mini Shai-Hulud supply chain attack trigger a Bun runtime to install an information ...
ADTmag

Salesforce Opens Beta for React-Based App Development on Its Platform

Salesforce is opening its platform to React developers. The Multi-Framework beta lets developers build native Salesforce apps with React while using Salesforce authentication, security, governance, ...
The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.
Morning Overview on MSN

Malicious open-source packages have surged 73% in 2026 according to new research

Every time a developer types npm install, they are placing a bet that the package they are pulling into their project is not ...