SAP NPM Packages Targeted in Supply Chain Attack
The Mini Shai-Hulud attack introduced a preinstall hook to fetch and execute a Bun binary and bypass security monitoring.
Four SAP NPM packages have been injected with malicious code as part of a new supply chain attack, security researchers warn.
The campaign, referred to as Mini Shai-Hulud, is targeting packages linked to the SAP Cloud Application Programming (CAP) ecosystem and SAP cloud deployment workflows.
On April 29, four npm package versions were flagged as malicious: mbt 1.2.48, @cap-js/db-service 2.10.1, @cap-js/postgres 2.2.2, and @cap-js/sqlite 2.2.2.
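To check whether a project resolved any of the four flagged versions, the following added example (not from the article or from SAP) scans a parsed `package-lock.json` and reports matches together with the lockfile's `hasInstallScript` flag. The names `findFlagged`, `nameFromPath` and `SAMPLE_LOCK` are hypothetical, and the sample lockfile is constructed for illustration.

```javascript
// Added example: find the package versions named in the article in an npm lockfile.
const FLAGGED = new Map([
  ["mbt", "1.2.48"],
  ["@cap-js/db-service", "2.10.1"],
  ["@cap-js/postgres", "2.2.2"],
  ["@cap-js/sqlite", "2.2.2"],
]);

// Lockfile v2/v3 keys look like "node_modules/a/node_modules/@scope/b";
// the package name is whatever follows the last "node_modules/".
function nameFromPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

// Takes the parsed JSON of package-lock.json and returns one record per match.
function findFlagged(lock) {
  const hits = [];
  const check = (name, entry, where) => {
    if (name && entry && FLAGGED.get(name) === entry.version) {
      hits.push({ name, version: entry.version, where,
                  hasInstallScript: entry.hasInstallScript === true });
    }
  };
  // v2/v3: flat "packages" map keyed by install path ("name" is set for aliases).
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    check(entry.name || nameFromPath(path), entry, path);
  }
  // v1: nested "dependencies" tree keyed by package name.
  const walk = (deps, trail) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const where = `${trail}>${name}`;
      check(name, entry, where);
      walk(entry.dependencies, where);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "root");
  return hits;
}

// Constructed sample lockfile: one direct and one nested flagged version.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@cap-js/sqlite": { version: "2.2.2", hasInstallScript: true },
    "node_modules/@cap-js/postgres": { version: "2.2.1" },
    "node_modules/tool/node_modules/mbt": { version: "1.2.48" },
  },
};
console.log(findFlagged(SAMPLE_LOCK));
```

For a real project, pass `JSON.parse` of the contents of `package-lock.json` to `findFlagged`; a match on a transitive path means the version arrived through another dependency.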
Source: https://www.securityweek.com/sap-npm-packages-targeted-in-supply-chain-attack/
