Cybersecurity & Data Protection
1
UPVOTE
thehackernews.com

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with credential-stealing malware. According to reports from Aikido Security, SafeDep, Socket, StepSecurity, and Google-owned Wiz, the campaign – calling itself the mini Shai-Hulud – has affected the following packages associated with SAP's JavaScript and cloud application
SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack
MB

Maria Bakker

11h ago
1 0

Discussion

Jump in and comment!

Get the ball rolling with your comment!

No comments yet.

Be the first to share your take and keep the conversation moving.

Join the conversation

Log in or sign up to add your comment and participate in the discussion!

Log In Sign Up

UPVOTERS

Community appreciation

See who found this content valuable and showed their support.

user95550

Nirano

NiranoUpvoted 9h ago3 comments · 18 shares

TOPICS

Explore the same topics

Discover more content from the topics this post is mapped to.

darkreading.com
Claude Mythos Fears Startle Japan's Financial Services Sector

Global financial institutions are panicked over Anthropic's new superhacker AI model. Cyber experts aren't quite as worried.
DR

Dark Reading

3h ago
0
bleepingcomputer.com
Official SAP npm packages compromised to steal credentials

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal credentials and authentication tokens from…
MB

Maria Bakker

5h ago
0
darkreading.com
Vect 2.0 Ransomware Acts as Wiper, Thanks to Design Error

The emerging ransomware has been deployed against victims of the TeamPCP supply chain attacks, but organizations should think twice before paying for a decrypt…
DR

Dark Reading

11h ago
0
thehackernews.com
What to Look for in an Exposure Management Platform (And What M…

Every security team has a version of the same story. The quarter ends with hundreds of vulnerabilities closed. The dashboards are bursting with green. Then som…
TN

The Hacker News

15h ago
0
schneier.com
Claude Mythos Has Found 271 Zero-Days in Firefox

That’s a lot. No, it’s an extraordinary number: Since February, the Firefox team has been working around the clock using frontier AI models to find…
SS

Schneier on Security

16h ago
0
darkreading.com
BlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack Lur…

The North Korean group is using stolen victim videos, AI-generated avatars, and fake Zoom calls to scale malware attacks against cryptocurrency executives.
DR

Dark Reading

1d ago
0

Keep browsing

Explore more from this topic

Dive into the full feed of curated posts covering Cybersecurity & Data Protection.

Browse Topics

RELATED CONTENT

Continue exploring

Discover more content that aligns with your interests and this post.

thehackernews.com
What to Look for in an Exposure Management Platform (And What M…

Every security team has a version of the same story. The quarter ends with hundreds of vulnerabilities closed. The dashboards are bursting with green. Then som…
TN

The Hacker News

15h ago
0
thehackernews.com
VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on W…

Threat hunters are warning that the cybercriminal operation known as VECT 2. 0 acts more like a wiper than a ransomware due to a critical flaw in its encryptio…
Giulia

Giulia

1d ago
0
thehackernews.com
Checkmarx Confirms GitHub Repository Data Posted on Dark Web Af…

Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data relate…
TN

The Hacker News

2d ago
0
thehackernews.com
Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engi…

Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran's nuclear program…
TA

taylor??

4d ago
0
thehackernews.com
CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadl…

The U. S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-…
TN

The Hacker News

4d ago
0
thehackernews.com
FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Surviv…

The U. S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency's Cisco Firepower device running Adaptiv…
Carlos the great

Carlos the great

5d ago
0

Still curious?

See more related posts

Keep the inspiration flowing with fresh submissions and trending finds from the community.

View Latest