A sophisticated supply chain attack targeting SAP ecosystem developers has been uncovered, with the threat actor group TeamPCP injecting credential-harvesting malware into widely used SAP npm packages. The campaign, which the group internally refers to as “Mini Shai Hulud,” comprises packages by embedding malicious preinstall scripts that silently execute during routine dependency installation. Researchers at Wiz identified malicious versions of […] The post SAP npm Packages Compromised to Steal Developers, CI/CD Secrets appeared first on Cyber Security News.