Several npm packages used in SAP's cloud application development ecosystem have been compromised as part of TeamPCP's expanding supply chain attack campaign. This threat impacts organizations relying on SAP cloud development tools and their software dependencies.

Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. Topping the list is a critical flaw impacting Ivanti Xtraction (CVE-2026-8043, CVSS score: 9.6) that could be exploited to achieve information disclosure or client-side attacks. "External control of a file name