> TritonInfoSec News

Home / Apr 30, 2026 / Story

#2 BleepingComputer general April 29, 2026 at 22:43 UTC

Official SAP npm packages compromised to steal credentials

By Lawrence Abrams

AI Summary

Multiple official SAP npm packages were compromised in a TeamPCP supply-chain attack using "Mini Shai-Hulud" credential-stealing malware that targets developers' authentication tokens. The campaign specifically targeted SAP's JavaScript and cloud application packages, representing a significant threat to enterprise development environments relying on SAP's ecosystem.

Read full article → https://www.bleepingcomputer.com/news/security/off…

Relevance score: 90.0/100

Sponsored

Protect Your Business

Expert cybersecurity solutions to safeguard your organization from evolving threats.

Get Protected →

# More from April 30

1
Claude Mythos Has Found 271 Zero-Days in Firefox Schneier on Security
3
GitHub fixes RCE flaw that gave access to millions of private repos BleepingComputer
4
cPanel, WHM emergency update fixes critical auth bypass bug BleepingComputer
5
CISA orders feds to patch Windows flaw exploited as zero-day BleepingComputer
6
Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw BleepingComputer
7
Popular WordPress redirect plugin hid dormant backdoor for years BleepingComputer
8
Broken VECT 2.0 ransomware acts as a data wiper for large files BleepingComputer
9
Hackers arrested for hijacking and selling 610,000 Roblox accounts BleepingComputer
10
AI Finds 38 Security Flaws in Electronic Health Record Platform Dark Reading