Experts say supply chain attacks compromised SAP and Intercom npm packages, plus the PyPI package Lightning, in a campaign that calls itself Mini Shai-Hulud (Jessica Lyons/The Register)
Cybersecurity experts have identified a supply chain attack campaign dubbed Mini Shai-Hulud that compromised npm packages used by SAP and Intercom, as well as the PyPI package Lightning. The malicious packages were designed to steal sensitive information from developers' systems. The attack highlights ongoing risks in open-source software ecosystems and the need for improved package repository security.
- The Mini Shai-Hulud campaign targeted open-source software supply chains by compromising npm and PyPI packages.
- Malicious versions of npm packages linked to SAP and Intercom were distributed to developers.
- The PyPI package named Lightning was also compromised as part of the same campaign.
- The injected malware aimed to exfiltrate environment variables, credentials, and other sensitive data from development environments.
- Security researchers attribute the campaign to a coordinated effort exploiting trust in popular open-source repositories.
This is a Techmeme archive page. It shows how the site appeared at 1:25 PM ET, May 1, 2026.