StepSecurity(@step_security):🚨 A Mini Shai-Hulud has appeared. Your npm install just handed your credentials to an attacker. We detected a new supply chain campaign targeting SAP developer packages. It downloads Bun (not Node) to run an 11 MB obfuscated payload. Victim repos are being created on GitHub as we speak. Full breakdown:

StepSecurity

@step_security

Secure your GitHub Actions with StepSecurity: Your Trusted CI/CD Security Partner

Joined November 2021

23 Following 500 Followers

StepSecurity@step_security

2026.04.29 14:41

🚨 A Mini Shai-Hulud has appeared. Your npm install just handed your credentials to an attacker. We detected a new supply chain campaign targeting SAP developer packages. It downloads Bun (not Node) to run an 11 MB obfuscated payload. Victim repos are being created on GitHub as we speak. Full breakdown: