Source: The Register
Attackers are shifting their focus from infrastructure to the tools developers use daily. Theft of credentials from SAP systems and npm packages reaches deeper into enterprise operations than previous tactics. A compromised dependency can distribute malware across thousands of downstream projects at once, forcing organizations to treat their development toolchain as a security perimeter, not an engineering convenience. The targeting of both enterprise software and open-source package managers shows attackers are weaponizing the entire developer ecosystem simultaneously.