{"data":{"id":"98f72141-18fe-467c-a4ca-ff699ec37cd8","title":"SAP npm package attack highlights risks in developer tools and CI/CD pipelines","summary":"A supply chain attack called \"mini Shai-Hulud\" compromised npm packages (code libraries hosted on npm, a JavaScript package repository) used in SAP development, injecting malware that stole developer credentials and cloud secrets during installation. The attackers exploited configuration gaps in npm's OIDC trusted publishing (a system that verifies package publishers) and used stolen credentials to add malicious GitHub Actions workflows (automated tasks in code repositories) and persist through developer tool configuration files, treating developer workstations as entry points to compromise the entire software supply chain.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://www.csoonline.com/article/4165420/sap-npm-package-attack-highlights-risks-in-developer-tools-and-ci-cd-pipelines.html","publishedAt":"2026-04-30T09:58:51.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["SAP","Claude","GitHub","AWS","Azure","GCP","Kubernetes","npm","Visual Studio Code","Anthropic"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-04-30T09:58:51.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"advanced","impactType":["confidentiality","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}