SAP npm Packages Compromised by “Mini Shai-Hulud” Credential-Stealing Malware

SITREP: A supply chain attack campaign named 'mini Shai-Hulud' has compromised SAP-related npm packages, deploying credential-stealing malware. Multiple cybersecurity firms, including Aikido Security and Google-owned Wiz, have reported on the extent of the attack. TACTICAL ASSESSMENT: This incident highlights vulnerabilities within the software supply chain, particularly affecting enterprise-level applications like SAP. The successful deployment of such malware could lead to significant data breaches and undermine trust in software ecosystems. PROJECTED VECTORS: Future attacks may target additional npm packages or expand to other software ecosystems, increasing the risk of widespread credential theft.