Skip to main content

Tag: sap

4 articles

Laptop screen on a neutral surface in a bright, clean tech facility setting.

Fortinet, Ivanti, SAP Patch Critical Vulnerabilities

This week, Fortinet, Ivanti, and SAP issued urgent patch rollouts to fix critical vulnerabilities that could allow hackers to execute remote code or gain unauthorized access to sensitive systems. The flaws, affecting sandboxing infrastructure, mobile gateway software, and core enterprise apps, carry high severity scores and demand immediate attention.

Analyst 207
Modern workspace with a computer on a clutter-free desk, surrounded by minimal office decor.

Malware Worms Into SAP, Intercom and Lightning Developer Tools

Malicious actors struck SAP's JavaScript and cloud application development ecosystem on April 29, releasing poisoned versions of four widely-used npm packages that receive a staggering 572,000 weekly downloads. The compromised packages, which included mbt, @cap-js/db-service, @cap-js/postgres, and @cap-js/sqlite, were published in a brief window of just two hours.

Analyst 207
Software development workstation with code editor and blurred tools, hinting at supply chain logistics in background.

SAP npm Packages Compromised in Supply-Chain Attack

Security researchers have uncovered a supply-chain attack that compromised four official SAP npm packages, allowing attackers to extract sensitive secrets from CI runner memory. The affected packages, which support SAP's Cloud Applications, have been deprecated on NPM and users are urged to update to secure versions.

Analyst 207
Laptop with blank screen surrounded by npm packages and JavaScript code in a brightly-lit software development environment.

Malware Targets SAP npm Packages in Supply Chain Attack

A new supply-chain attack campaign, dubbed mini Shai-Hulud, is targeting SAP-related npm packages, delivering credential-stealing malware that threatens JavaScript and cloud applications. This sneaky attack puts sensitive data at risk, and experts are warning of a potentially massive impact.

Analyst 207