StepSecurity(@step_security):🚨 A Mini Shai-Hulud has appeared. Your npm install just handed your credentials to an attacker. We detected a new supply chain campaign targeting SAP developer packages. It downloads Bun (not Node) to run an 11 MB obfuscated payload. Victim repos are being created on GitHub as we speak. Full breakdown:

StepSecurity

@step_security

Secure your GitHub Actions with StepSecurity: Your Trusted CI/CD Security Partner

加入 November 2021

23 正在关注 500 粉丝

StepSecurity@step_security

2026.04.29 14:41

🚨 A Mini Shai-Hulud has appeared. Your npm install just handed your credentials to an attacker. We detected a new supply chain campaign targeting SAP developer packages. It downloads Bun (not Node) to run an 11 MB obfuscated payload. Victim repos are being created on GitHub as we speak. Full breakdown:

显示更多