Official SAP NPM packages compromised to steal credentials
Brajeshwar
30 points
2 comments
April 30, 2026
Related Discussions
Found 5 related stories in 685.6ms across 14,015 title embeddings via pgvector HNSW
- Mini Shai-Hulud Strikes Again: 314 npm Packages Compromised theanonymousone · 369 pts · May 19, 2026 · 62% similar
- Bitwarden CLI NPM package has been compromised 6mile · 15 pts · April 23, 2026 · 62% similar
- For the 2nd time in weeks, Microsoft packages laced with credential stealer cdrnsf · 40 pts · June 08, 2026 · 61% similar
- New IronWorm malware hits 36 packages in NPM supply-chain attack yogthos · 22 pts · June 05, 2026 · 58% similar
- Axios compromised on NPM – Malicious versions drop remote access trojan mtud · 373 pts · March 31, 2026 · 57% similar
Discussion Highlights (1 comments)
wlkr
This might just be the frequency illusion at play, but there seem to have been a number of high-profile supply chain attacks of late in major packages. There are several articles on the first few pages of HN right now with different cases. Looking back ten years to `left-pad`, are there more successful attacks now than ever? I would suspect so, and surely the value of a successful attack has also increased, so are we actually getting better as a broad community at detecting them before package release? It's a complex space, and commercial software houses should do better, but it seems that whilst there are some excellent commercial products (e.g. CI scan tools), generally accessible, idiot friendly tooling is somewhat lacking for projects which start as hobby/amateur code but end up being a dependency in many other projects.