Tag: sap
-
1,800 Developers Hit in Mini Shai-Hulud Supply Chain Attack Across PyPI, NPM, and PHP
What happened: A supply chain attack campaign attributed to TeamPCP, dubbed Mini Shai-Hulud, has compromised packages across the PyPI, NPM, and PHP ecosystems over a two-day period, affecting over 1,800 developer repositories containing stolen credentials. The campaign was first identified on April 29 when malicious versions of four SAP NPM packages were caught delivering information-stealing…The…
-
The never-ending supply chain attacks worm into SAP npm packages, other dev tools
Mini Shai-Hulud caught spreading credential-stealing malware First seen on theregister.com Jump to article: www.theregister.com/2026/04/30/supply_chain_attacks_sap_npm_packages/
-
TeamPCP Hits SAP Packages With ‘Mini Shai-Hulud’ Attack
Several npm packages for SAP’s cloud application development ecosystem have been compromised as TeamPCP’s supply chain attacks broaden. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/teampcp-sap-packages-mini-shai-hulud
-
SAP npm Supply Chain Attack Targets Developer Credentials
A supply chain attack on SAP npm packages used preinstall scripts to steal developer and CI/CD credentials. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/sap-npm-supply-chain-attack-targets-developer-credentials/
-
Supply chain attack on SAP CAP
Onapsis Research Labs is currently observing a targeted supply chain attack on SAP developers and companies that use the SAP Cloud Application Programming Model (CAP). The attack campaign, dubbed ‘Mini Shai-Hulud’, injects malicious code into widely used SAP-related JavaScript/npm packages with the aim of automatically exfiltrating cloud credentials, service tokens and private keys. The attack campaign uses compromised packages as an entry point into development environments and unfolds its […]…
-
Compromised SAP npm packages steal credentials
TeamPCP infiltrates official SAP npm packages. How the Mini Shai-Hulud worm cracks CI/CD systems and exfiltrates cloud secrets via GitHub. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/sap-pakete-passwoerter-stahlen
-
Supply chain attack: Several SAP software projects compromised
Attackers have injected malicious code into SAP's NPM packages in order to harvest credentials en masse. Developers should act quickly. First seen on golem.de Jump to article: www.golem.de/news/supply-chain-angriff-mehrere-softwareprojekte-von-sap-kompromittiert-2604-208187.html
-
Compromised SAP npm Packages Found Harvesting Developer and CI/CD Secrets
Security researchers have identified a severe supply chain attack targeting the SAP developer ecosystem. A threat group identified as TeamPCP has compromised multiple legitimate SAP npm packages in a new campaign named Mini Shai Hulud. The operation relies on injecting malicious pre-install scripts that execute silently during dependency installation. By leveraging a multi-stage payload, the…
-
Official SAP npm packages compromised to steal credentials
Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal credentials and authentication tokens from developers’ systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/official-sap-npm-packages-compromised-to-steal-credentials/
-
Shai-Hulud Strikes SAP: Supply Chain Worm Weaponized Claude Code to Compromise the CAP Framework
SAP CAP packages compromised via Claude Code in AI-assisted worm attack. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/shai-hulud-strikes-sap-supply-chain-worm-weaponized-claude-code-to-compromise-the-cap-framework/
-
SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack
Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm packages with credential-stealing malware. According to reports from Aikido Security, SafeDep, Socket, StepSecurity, and Google-owned Wiz, the campaign calling itself the mini Shai-Hulud has affected the following packages associated with SAP’s JavaScript and cloud application First seen on thehackernews.com Jump…
-
A Mini Shai-Hulud Targeting the SAP Ecosystem
7 stolen GitHub tokens. 971 repositories. A self-replicating supply chain attack targeting SAP’s Node.js packages, and it’s still active. Here’s what GitGuardian found. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/a-mini-shai-hulud-targeting-the-sap-ecosystem/
-
SAP npm Packages Compromised by “Mini Shai-Hulud” Credential-Stealing Malware
Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm packages with credential-stealing malware. According to reports from Aikido Security, SafeDep, Socket, StepSecurity, and Google-owned Wiz, the campaign calling itself the mini Shai-Hulud has affected the following packages associated with SAP’s JavaScript and cloud application First seen on thehackernews.com Jump…
-
Business Planning and Consolidation and Business Warehouse – Critical SQL injection at SAP
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-sap-luecke-sql-injection-bpc-bw-a-c15c6075a2743862938ab0a9400e4667/
-
SAP Patch Day Fixes Critical SQL Injection, DoS, and Code Injection Flaws
SAP released its monthly Security Patch Day updates, addressing 19 new security notes and one update to a previously released note. According to the official SAP Support Portal, these patches resolve severe vulnerabilities, including critical SQL injection, Denial of Service (DoS), and code injection flaws. SAP strongly advises all administrators to review these updates and…
-
Compliance offering – Axians releases SAP add-ons for KRITIS, from energy to defense
First seen on security-insider.de Jump to article: www.security-insider.de/axians-24-sap-add-ons-kritis-compliance-a-28df3decdc4630a5629bf012c276aef9/
-
How ‘Wikipedia of cyber’ helps SAP make sense of threat data
SAP runs enormous cloud environments for some of the world’s most heavily-regulated organisations, and in the hyperscale era, data security and compliance were becoming big challenges. It turned to cutting-edge agentic tools from Uptycs to cut through the noise First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641057/How-Wikipedia-of-cyber-helps-SAP-make-sense-of-threat-data
-
Classic pentests often end at the SAP application layer – SAP systems as a blind spot in penetration tests
First seen on security-insider.de Jump to article: www.security-insider.de/sap-sicherheit-warum-klassische-pentests-nicht-reichen-a-27609086567f2813c621225e41c6dead/
-
SAP already shifting focus from ERP migration disaster in pursuit of AI-driven growth
New commercial models planned after cloud transition falls €2B behind target First seen on theregister.com Jump to article: www.theregister.com/2026/03/24/sap_commercial_focus/
-
SAP’s grand cloud escape plan €2B short of the runway
Strategy launched after 2020 share price crash is 24% behind target First seen on theregister.com Jump to article: www.theregister.com/2026/03/19/sap_2b_off_target/
-
SAP honors All for One Group in the SAP Business Suite Success category
The award particularly underscores the strength of All for One Group in implementing seamless end-to-end processes based on the SAP Business Suite. The SAP Partner Awards are presented annually. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/all-for-one-group-erhaelt-globalen-sap-partner-award-2026/a44136/
-
All for One Group receives global SAP Partner Award 2026
The award particularly underscores the strength of All for One Group in implementing seamless end-to-end processes based on the SAP Business Suite. The SAP Partner Awards are presented annually. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/all-for-one-group-erhaelt-globalen-sap-partner-award-2026/a44136/
-
How to Govern AI Access to ERP and Financial Systems
AI is now sitting in the middle of your financial systems, making decisions at machine speed with access to data that used to be tightly contained in ERP. If you don’t explicitly govern how copilots and AI agents touch Oracle, SAP, and other business-critical systems, you end up with opaque data flows, Segregation of Duties…
-
Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices
SAP has released security updates to address two critical security flaws that could be exploited to achieve arbitrary code execution on affected systems. The vulnerabilities in question are listed below: CVE-2019-17571 (CVSS score: 9.8) – A code injection vulnerability in SAP Quotation Management Insurance application (FS-QUO); CVE-2026-27685 (CVSS score: 9.1) – An insecure deserialization First seen on thehackernews.com…
-
March Patch Tuesday: Three high severity holes in Microsoft Office
aadsshlogin package. Systems with the extension already installed have packages.microsoft.com configured automatically, so no additional setup is required. “The cloud ecosystem doesn’t really handle patching well,” Reguly said. “It’s a relatively immature process, and the way that Microsoft handles these products really demonstrates that. The CVE impacting Azure Linux Virtual Machines (CVE-2026-23665) or the multiple CVEs…

