SAP npm packages poisoned on April 29, 2026 + AES-256-GCM encrypted credential theft + AI coding tools abused for spread.
Cursor flaw lets extensions steal API keys and session tokens without user interaction, according to researchers at LayerX ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results