Mini Shai-Hulud attack poisons SAP npm packages to steal GitHub, cloud, and AI coding secrets

A new npm supply chain attack hit SAP’s developer ecosystem by poisoning four packages used in SAP CAP and Cloud MTA build workflows. The campaign, tracked as Mini Shai-Hulud, used malicious preinstall scripts to steal developer and CI/CD secrets before npm installation finished. The affected packages were mbt, @cap-js/sqlite, @cap-js/postgres, and @cap-js/db-service. Developers or build […] The post Mini Shai-Hulud attack poisons SAP npm packages to steal GitHub, cloud, and AI coding secrets appeared first on VPN Central.