StepSecurity
@step_security
Secure your GitHub Actions with StepSecurity: Your Trusted CI/CD Security Partner
Joined November 2021
23 following    500 fans
🚨 A Mini Shai-Hulud has appeared. Your npm install just handed your credentials to an attacker. We detected a new supply chain campaign targeting SAP developer packages. It downloads Bun (not Node) to run an 11 MB obfuscated payload. Victim repos are being created on GitHub as we speak. Full breakdown: