On Friday, Elon Musk priced the largest float in history. SpaceX listed on the Nasdaq at about $1.8 trillion, minting the world's first trillionaire and fusing the space economy with the AI trade. Inside one lifetime, compute and capital have become statecraft. The sky just became an asset class.
Anthropic’s Fable 5 sharpens reasoning and workflow performance, but early developer reports suggest safety filters may restrict its full capability in sensitive fields. The launch raises a key question: are users paying for better models, or conditional access?
Cyera’s reported $300 million raise at a $12 billion valuation shows how quickly enterprise data security is being repriced as AI adoption accelerates. The figures should be framed carefully, because Cyera has disputed the reported numbers.
SAP npm packages poisoned with credential-stealing malware in "Mini Shai-Hulud" attack. Malicious preinstall hooks harvest GitHub tokens, cloud keys and CI/CD secrets. Attackers weaponise AI agent configs for persistence, turning Claude and VS Code settings into execution paths.
Cyber analysts and media are in a frenzy reporting this incident. A supply-chain attack has struck SAP's JavaScript ecosystem, with several npm packages briefly carrying credential-stealing malware. Security teams have dubbed the campaign "Mini Shai-Hulud." It targeted packages used for SAP Cloud Application Programming Model and Cloud MTA builds: mbt@1.2.48, @cap-js/db-service@2.10.1, @cap-js/postgres@2.2.2, and @cap-js/sqlite@2.2.2.
The shift here is critical: attackers have moved from production servers to the developer layer itself. Multiple analyst reports confirm that poisoned releases used malicious preinstall hooks. These fired during npm install, pulled down the Bun runtime, then ran obfuscated code to harvest GitHub tokens, npm credentials, GitHub Actions secrets, cloud keys for AWS, Azure and GCP, and Kubernetes tokens.
This follows patterns Cyber News Centre has tracked closely. Recent coverage of the Vercel OAuth breach and the ShinyHunters Salesforce attack both showed how trusted cloud identities become breach amplifiers. Now that same logic reaches into package installation and build automation, where one dependency update can hit developer machines, source repos and deployment pipelines before perimeter tools register anything amiss.
The target is the operational core of modern development: workstations, package managers, GitHub repos, CI/CD runners. A single infected dependency can unlock source code, cloud infrastructure, deployment secrets and package publishing rights.
Industry analysts report the malware exfiltrates encrypted payloads through GitHub repos and tries to spread via compromised tokens. One firm links the activity with medium confidence to TeamPCP, citing technical overlap and consistent targeting of developer environments. The malicious versions lived on npm for just over two hours, 09:55 to 12:14 UTC on 29 April, but automated builds can pull packages within minutes, so window length barely matters.
The persistence mechanism is what's new. Analysts found the malware drops .claude/settings.json and .vscode/tasks.json files, re-triggering execution whenever someone opens the repo in Claude Code or VS Code. Their assessment is blunt: this is among the first supply-chain attacks to weaponise AI coding agent configurations for persistence and propagation. The warning is clear. The next exposure layer isn't just packages, tokens and workflows, but the local config files that tell AI tools and IDEs what to run.
AI is compressing software delivery timelines, and attackers are exploiting that same acceleration. Developers lean on automated dependency updates, AI coding agents, fast installs and continuous deployment. This campaign hijacks those conveniences directly, using IDE and AI-agent configs as persistent footholds.
For enterprises deploying AI-assisted development at scale, the risk sharpens. When AI agents get repo context, terminal access or workflow permissions, an infected repository becomes more than passive code. It becomes an active execution environment. Security teams now need to scrutinise AI agent configs, IDE tasks, repo hooks and local automation policies with the same rigour they apply to build scripts and deployment credentials.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
On Friday, Elon Musk priced the largest float in history. SpaceX listed on the Nasdaq at about $1.8 trillion, minting the world's first trillionaire and fusing the space economy with the AI trade. Inside one lifetime, compute and capital have become statecraft. The sky just became an asset class.
Anthropic’s Fable 5 sharpens reasoning and workflow performance, but early developer reports suggest safety filters may restrict its full capability in sensitive fields. The launch raises a key question: are users paying for better models, or conditional access?
Cyera’s reported $300 million raise at a $12 billion valuation shows how quickly enterprise data security is being repriced as AI adoption accelerates. The figures should be framed carefully, because Cyera has disputed the reported numbers.
Anthropic has cracked the door on Mythos, its most powerful AI model, but Australia’s biggest banks and critical infrastructure players are still waiting in line, managing fast escalating cyber risks without direct access to the tool built to expose them.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
