Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Secret Stealer
Compromised SAP npm packages use a Bun-based preinstall payload to steal GitHub, npm, cloud, and CI secrets, then spread via GitHub using OhNoWhatsGoingOnWithGitHub. Category: Vulnerabilities &…
Read the full articleYou might also wanna read

"A Mini Shai-Hulud Has Appeared": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packages
A new npm supply chain attack self-branded "Mini Shai-Hulud" compromised four SAP-ecosystem packages on April 29, 2026. Snyk has live adviso
Mini Shai Hulud and SAP Compromise
Four SAP npm packages published on April 29, 2026 contain a two-stage credential-stealing payload targeting GitHub tokens, AWS keys, and CI/
317 npm Packages Compromised in Mini Shai-Hulud Supply Chain Attack
A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.

TanStack Npm Packages Compromised Inside The Mini Shai Hulud Supply Chain Attack
On May 11, 2026, the Mini Shai-Hulud worm compromised 84 npm package artifacts across 42 @tanstack/* packages (as well as @squawk/*, @mistra
Microsoft uncovers npm supply chain attack stealing cloud and CI/CD credentials via typosquatted packages
The Mini Shai-Hulud campaign used malicious npm packages to target cloud and CI/CD credentials across developer environments. This report de
Microsoft uncovers supply chain attack: Compromised @antv npm packages steal CI/CD credentials via Mini Shai-Hulud malware
Compromised @antv npm packages deploy the Mini Shai-Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malwa

Comments
Sign in to join the conversation.
No comments yet. Be the first.