SAP Ecosystem Targeted: The Mini Shai-Hulud Supply Chain Attack
ID: 44f2db86-b209-5696-bdf3-93ea7a340b4e
STIX ID: report--44f2db86-b209-5696-bdf3-93ea7a340b4e
Feed Name: SOCRadar Blog
A sophisticated npm supply-chain campaign named "Mini Shai-Hulud" has compromised several SAP CAP-related packages by adding a malicious preinstall hook that fetches a Bun runtime and executes a credential-stealing payload. The malware harvests SSH keys, cloud credentials, Kubernetes configs, CI secrets (including memory scraping of masked secrets), and AI/IDE configuration backdoors. It exfiltrates data via newly created GitHub repositories and uses stolen tokens to propagate to other packages. Immediate dependency audits, secret rotation, IoC hunts, and GitHub activity monitoring are recommended.
