SAP npm Packages Compromised by "mini Shai-Hulud" Supply Chain Attack

Cybersecurity researchers from Aikido Security, Onapsis, OX Security, SafeDep, Socket, StepSecurity, and Google-owned Wiz reported a supply chain attack campaign targeting SAP-related npm packages with credential-stealing malware. The campaign, self-identified as "mini Shai-Hulud," has compromised multiple npm packages associated with SAP. No specific dates, CVE IDs, or exact number of affected packages were disclosed in the available content. The attack aims to steal credentials through malicious dependencies in the software supply chain. The impacted entities include organizations using the compromised SAP-related npm packages.