The TeamPCP hacking group compromised software packages from SAP and Intercom, as well as the PyPI package Lightning. This supply chain attack, named Mini Shai-Hulud, injected malicious code into npm and PyPI packages to steal developer credentials.

The malware harvests secrets including credentials for GitHub, npm, AWS, Azure, and GCP. It exfiltrates stolen data by creating public GitHub repositories under the victims' own accounts.

Security researchers report the malware self-propagates by using stolen tokens to infect additional software packages. This follows a trend of worm-like attacks targeting the software ecosystem.