Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised

A compromised npm maintainer account published 637 malicious versions across 317 packages, including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.

SafeDep - Real-time Open Source Software Supply Chain Security

SAP npm Packages Compromised in Supply-Chain Attack

Security researchers have uncovered a supply-chain attack that compromised four official SAP npm packages, allowing attackers to extract sensitive secrets from CI runner memory. The affected packages, which support SAP's Cloud Applications, have been deprecated on npm, and users are urged to update to secure versions.

https://osintsights.com/sap-npm-packages-compromised-in-supply-chain-attack?utm_source=mastodon&utm_medium=social

#SupplyChain #Sap #Npm #PackageCompromise #EmergingThreats


OSINTSights