mini Shai‑Hulud: Compromise of SAP npm Packages

Colleagues, a cybersecurity heads-up: the 'mini Shai‑Hulud' campaign has compromised npm packages within the SAP ecosystem.
- Affected: mbt and several @cap‑js packages; the malicious releases carry a preinstall script that downloads Bun and executes a payload (PowerShell with -ExecutionPolicy Bypass).
- The payload steals local credentials, GitHub/npm tokens, CI and cloud secrets; the exfiltrated data is encrypted and pushed to the victims' repositories.
- The malware injects malicious GitHub Actions workflows, publishes poisoned packages and persists via AI‑agent configs (.claude) and VS Code settings.
Why it matters: it hits development environments and CI/CD pipelines. Recommended actions: rotate tokens, reduce privileges, pin dependencies and audit workflows.
What mitigation steps do you prioritise?
#cybersecurity #supplychain #npm #DevOps