A Mini Shai-Hulud Targeting the SAP Ecosystem
7 stolen GitHub tokens. 971 repositories. A self-replicating supply chain attack targeting SAP's Node.js packages — and it's still active. Here's what GitGuardian found.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
'Mini Shai-Hulud' supply chain attack targets SAP npm packages
On April 29, 2026, security researchers detailed a campaign known as ‘mini Shai-Hulud’ that involves compromised versions of npm packages used in SAP’s Cloud Application Programming Model (CAP). The malicious packages reportedly contain functionality to steal sensitive data such as credentials. The stolen data is encrypted and exfiltrated via public GitHub repositories. The maintainers of known-compromised packages have released updated versions.
Persistent Online Worlds, Persistent Risks: The Security Challenges of MMORTS Games
Massively multiplayer online real-time strategy games occupy a specific and underexamined position in the gaming security landscape. Unlike session-based games where a match ends and the state resets, MMORTS titles run continuous worlds where player-built empires, alliances, and resource stockpiles exist around the clock, whether or not the player is logged in. That persistence creates a threat model significantly closer to financial services platforms than most people in either the security or gaming industries tend to acknowledge.
Continuous Threat Exposure Management (CTEM): The Complete Guide to Proactive Cybersecurity
The cybersecurity landscape has fundamentally changed. Organizations today manage sprawling digital environments - cloud workloads, remote endpoints, SaaS applications, third-party APIs, and hybrid infrastructure - all of which expand the attack surface at a pace that traditional security programs simply cannot match.
BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector
Arctic Wolf has identified a targeted intrusion against a North American Web3/cryptocurrency company, which we attribute with a high confidence level to BlueNoroff, a financially motivated subgroup of DPRK’s Lazarus Group.
Crypto theft, Vercel breach, Mastodon attack, North Korean IT in US & cyber negotiator guilty [316]
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows.
It's time to treat browser extensions like supply chain attack vectors
You would never install an application that can log into your Google docs, read your keystrokes in your browser, intercepts requests in transit, runs continuously, updates silently, AND could be powerful enough to steal your passwords, right? Well, this is more or less what browser extensions can do, and they create vulnerabilities that extend beyond one computer and or even one company.
Supply chain attacks hit Checkmarx and Bitwarden developer tools
Sophos X-Ops is aware of reports that two widely-used developer tools – the Checkmarx KICs security scanner and the Bitwarden CLI – were hijacked on April 22, 2026, to steal credentials from development environments. These attacks occurred within hours of each other and share the same command-and-control (C2) domain – potentially pointing to a single threat actor running a coordinated campaign. Both vendors have since reportedly contained the incidents.
After the Vercel Breach, Do You Know What Your AI Tools Can Access?
In April 2026, Vercel disclosed that attackers had accessed internal systems and customer credentials — not by breaking into Vercel directly, but by compromising a third-party AI tool one of its employees had connected to their corporate account.
No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and Docker Hub in 48 Hours
Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD pipelines.