A Mini Shai-Hulud Has Appeared: Obfuscated Bun Runtime Payloads Hit SAP-Related npm Packages - StepSecurity

stepsecurity.io

StepSecurity has detected a new npm supply chain attack campaign using preinstall hooks to download the Bun JavaScript runtime and execute an 11 MB obfuscated payload. At least two SAP-ecosystem packages are confirmed compromised so far.

4 pages link to this URL

Mini Shai-Hulud: npm Worm Hits SAP Developer Packages | Blog | Endor Labs

Endor Labs Endor Labs Apr 29, 2026

Four SAP npm packages were weaponized to steal GitHub, cloud, and AI coding tool secrets. The malware uses Bun to slip past Node-based detection.

1 inbound link website en

AI Agent Config Security Is Supply Chain Security

941 Apps; Blake Crosley Blake Crosley May 18, 2026

AI agent config security belongs in supply-chain review: hooks, editor tasks, install scripts, MCP files, and plugins can execute code before you notice.

0 inbound links website en AI & Technology aiagentssecuritysupply-chainclaude-codehooksdeveloper-tools

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

isc.sans.edu Jun 1, 2011

2 inbound links en

The Good, the Bad and the Ugly in Cybersecurity – Week 18

SentinelOne SentinelOne May 1, 2026

Authorities dismantle cybercrime rings, scammers extract billions using social media, and threat actors poison SAP-related npm packages.

0 inbound links article en The Goodthe Bad and the Ugly cybercyber newsweekly