1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom
The compromised Lightning and Intercom packages have a combined monthly download count of nearly 10 million. The post 1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom appeared first on SecurityWeek.
Over 1,800 developers were affected by the Mini Shai-Hulud supply chain attack that hit the PyPi, NPM, and PHP ecosystems over the past two days.
Attributed to the TeamPCP hacking group, the campaign was first spotted on April 29, after malicious versions of four SAP NPM packages were caught delivering information-stealing malware and attempting to propagate to other packages.
The malware would collect credentials, keys, tokens, and other secrets from the infected machines and publish the data to GitHub repositories containing the hardcoded description “A Mini Shai-Hulud has Appeared”.
Source: https://www.securityweek.com/1800-hit-in-mini-shai-hulud-attack-on-sap-lightning-intercom/
Related breach coverage
- SAP NPM Packages Targeted in Supply Chain Attack2026-04-30
The Mini Shai-Hulud attack introduced a preinstall hook to fetch and execute a Bun binary and bypass security monitoring. The post SAP NPM Packages Targeted in Supply Chain Attack appeared first on SecurityWeek.
- Sandhills Medical Says Ransomware Breach Affects 170,0002026-04-30
It took the healthcare organization nearly one year to publicly disclose a data breach after it was targeted by Inc Ransom. The post Sandhills Medical Says Ransomware Breach Affects 170,000 appeared first on SecurityWeek.
- Spectrum Security Emerges From Stealth Mode With $19 Million2026-04-28
The threat detection startup will invest in accelerating its engineering and go-to-market efforts. The post Spectrum Security Emerges From Stealth Mode With $19 Million appeared first on SecurityWeek.
- Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak2026-04-28
The ShinyHunters cybercrime group claimed to have stolen 9 million records containing personal information from Medtronic. The post Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak appeared first on SecurityWeek.