TeamPCP exploited a permissive npm OIDC trust policy to poison SAP's mbt and @cap-js packages, exfiltrating cloud and developer secrets to victim-owned GitHub repos. Here's the full attack chain and how to detect it.