Attackers Weaponize SAP npm Packages to Steal GitHub, Cloud, and AI Coding Tool Secrets

📅 4 May 2026 at 12:39 UTC📰 Cyber Security NewsView original source ↗

A new supply chain attack is targeting the SAP developer ecosystem through poisoned npm packages. The campaign uses a malicious worm called “Mini Shai-Hulud,” which runs silently before any npm install completes and steals credentials from developer machines, cloud platforms, and AI coding tools. The attack hit four official SAP-published packages: mbt, @cap-js/sqlite, @cap-js/postgres, and […] The post Attackers Weaponize SAP npm Packages to Steal GitHub, Cloud, and AI Coding Tool Secrets appeared first on Cyber Security News.

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

Attackers have compromised four official SAP-published npm packages, using a malicious worm called 'Mini Shai-Hulud' to steal credentials from developer machines and cloud platforms, targeting the SAP developer ecosystem.

⚙️Technical Details

Affected Systems

developer machinescloud platforms

Attack Vectors

poisoned npm packagessilent execution before npm install completes

💥Impact Assessment

Severity: critical

🛡️Recommended Actions

1Verify and update npm packages regularly

2Use secure package management practices

3Monitor system logs for suspicious activity

📦Affected Products

mbt@cap-js/sqlite@cap-js/postgres

Read the full article

This is a curated summary. The complete article is available at Cyber Security News.

Read on Cyber Security News ↗

← Back to feed