A new supply chain attack is targeting the SAP developer ecosystem through poisoned npm packages. The campaign uses a malicious worm called “Mini Shai-Hulud,” which runs silently before any npm install completes and steals credentials from developer machines, cloud platforms, and AI coding tools. The attack hit four official SAP-published packages: mbt, @cap-js/sqlite, @cap-js/postgres, and […] The post Attackers Weaponize SAP npm Packages to Steal GitHub, Cloud, and AI Coding Tool Secrets appeared first on Cyber Security News.