The Hacker News · Apr 29, 2026 4:26 PM

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with credential-stealing malware.
According to reports from Aikido Security, SafeDep, Socket, StepSecurity, and Google-owned Wiz, the campaign – calling itself the mini Shai-Hulud – has affected the following packages associated with SAP's JavaScript and cloud application

Read at The Hacker News

Was this helpful?

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs 2026-05-02
Claude Mythos Fears Startle Japan's Financial Services Sector 2026-05-02
AI Finds 38 Security Flaws in Electronic Health Record Platform 2026-05-02
Securing the git push pipeline: Responding to a critical remote code execution vulnerability 2026-05-02

← Back to edition