Security researchers from ReversingLabs have uncovered a series of high-profile compromises targeting popular open-source packages, highlighting the growing risk of malicious code infiltration in widely-used software tools. The researchers discovered cryptomining malware had been injected into packages associated with rspack and vant. The compromises of these frequently downloaded tools were made possible using stolen npm tokens.
New SAP NetWeaver Vulnerabilities Allow Attackers to Bypass Authorization and Execute OS Commands
SAP released its October 2025 Security Patch Day fixes, addressing 13 new vulnerabilities and updating four prior notes, with several critical flaws in NetWeaver enabling
