"The newly compromised packages as of Thursday include intercom-client@7.0.5 and intercom-client@7.0.4, along with lightning@2.6.2 and 2.6.3, all infected with credential-stealing malware."
"The SAP-related npm packages include mbt@1.2.48, @cap-js/db-service@2.10.1, @cap-js/postgres@2.2.2, and @cap-js/sqlite@2.2.2, collectively receiving about 572,000 weekly downloads."
"Both Wiz and Socket attributed the SAP compromise to TeamPCP, the cybercrime crew linked to earlier infections, noting that the attacks on Intercom and lightning packages contain the same malicious code."
Recent supply chain attacks have targeted security and developer tools, compromising npm packages such as intercom-client and lightning. The attacks involved credential-stealing malware affecting all versions of the packages. SAP-related npm packages were also compromised, linked to a campaign named Mini Shai-Hulud. These packages are widely used, receiving approximately 572,000 weekly downloads. The cybercrime group TeamPCP is attributed to these attacks, which show similarities to previous malware incidents. SAP has issued a security note for affected customers, but it is not publicly accessible.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]