The SAP npm Attack Wasn't About a Token. Here's What Was Actually New. | Vulnox Blog