Signal
Supply chain attack targets SAP npm packages with credential-stealing malware
Tags: supply_chain, npm, malware, credential_theft, developer_tools, ci_cd
Overview
A recent supply chain attack dubbed "Mini Shai-Hulud" compromised SAP-related npm packages used in JavaScript and cloud application development.
Entities
SAP, GitHub, npm, AWS, Azure, Google Cloud Platform, Kubernetes, Mini Shai-Hulud
- Score total: 1.19
- Momentum 24h: 3
- Posts: 3
- Origins: 3
- Source types: 1
- Duplicate ratio: 0%
Why now
- Malicious package versions were published recently on April 29, 2026.
- Attackers exploited a configuration gap in npm's OIDC trusted publishing.
- The incident exposes ongoing risks in widely used SAP JavaScript development packages.
Why it matters
- Supply chain attacks on developer tools can compromise entire software ecosystems.
- Stolen credentials enable attackers to escalate access across cloud and code repositories.
- Highlighting security gaps in CI/CD pipelines prompts urgent remediation efforts.
LLM analysis
Topic mix: low; Promo risk: low; Source quality: high
Recurring claims
- Malicious SAP npm packages stole developer credentials and cloud tokens
How sources frame it
- CSO Online: neutral
- The Register Security: neutral
- SecurityWeek: neutral
All evidence
The never-ending supply chain attacks worm into SAP npm packages, other dev tools
The Register Security · go.theregister.com · 2026-04-30 23:21 UTC
SAP NPM Packages Targeted in Supply Chain Attack
SecurityWeek · securityweek.com · 2026-04-30 14:27 UTC
SAP npm package attack highlights risks in developer tools and CI/CD pipelines
CSO Online · csoonline.com · 2026-04-30 09:58 UTC
Posts loaded: 0; Publishers: 3; Origin domains: 3; Duplicates: -
Top publishers (this list)
- The Register Security (1)
- SecurityWeek (1)
- CSO Online (1)
Top origin domains (this list)
- go.theregister.com (1)
- securityweek.com (1)
- csoonline.com (1)