SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

Published: 1 week ago (April 29, 2026 at 12:26 PM EDT)

1 min read

Source: The Hacker News

Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP‑related npm packages with credential‑stealing malware.

According to reports from Aikido Security, Onapsis, OX Security, SafeDep, Socket, StepSecurity, and Google‑owned Wiz, the campaign—calling itself the mini Shai‑Hulud—has affected the following packages associated with SAP’s.

Back to Blog

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Ravie Lakshmanan Apr 30 2026 – Supply Chain Attack / Malware !Python logohttps://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7hiQfVCFzoPBzfr5xqJ06qMjzv-...

Official SAP npm packages compromised to steal credentials

!https://www.bleepstatic.com/content/hl-images/2022/02/09/SAP.jpg Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply...

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Cybersecurity researchers have discovered malicious code in an npm package after a malicious package was added as a dependency to a project by Anthropic's Claud...

New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

Cybersecurity researchers have disclosed details of a stealthy Python‑based backdoor framework called DEEPDOOR that provides capabilities to establish persisten...

Related posts

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Official SAP npm packages compromised to steal credentials

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials