Loading article…
TeamPCP supply chain attack hits four SAP npm packages with over 500,000 weekly downloads, exposing developer and cloud credentials.
The malicious “Mini Shai‑Hulud” campaign compromised four SAP Cloud Application Programming Model (CAP) and MBT npm packages on Wednesday, injecting pre‑install scripts that harvest GitHub, npm and cloud credentials [1].
| At a glance | |
|---|---|
| Packages compromised | @cap-js/sqlite v2.2.2, @cap-js/postgres v2.2.2, @cap-js/db‑service v2.10.1, mbt v1.2.48 |
| Weekly downloads | > 500,000 aggregate downloads across the four packages |
| Date of release | Wednesday (week of May 1, 2024) |
| Catalyst | TeamPCP supply‑chain attack using “Mini Shai‑Hulud” payload [1] |
The four npm packages, core to SAP’s cloud deployment workflows, were published with malicious pre‑install scripts that execute automatically when the dependency is installed. Researchers at Wiz, Socket and Aikido Security traced the campaign to the cyber‑crime group TeamPCP, noting technical overlaps with its prior compromises of Trivy and KICS [1]. The payloads collect a range of secrets—including GitHub tokens, npm credentials, Kubernetes and CI/CD keys—and exfiltrate the data to attacker‑controlled GitHub repositories. Unlike earlier “Shai‑Hulud” waves that dumped secrets openly, this campaign encrypts the stolen data before exfiltration [1].
Socket estimates the affected packages receive more than half a million downloads each week, meaning a single compromised install can expose developer machines or CI pipelines that hold privileged access to GitHub, npm and major cloud providers [1]. SAP responded by publishing a security note for customers and partners, but the rapid takedown of the poisoned packages leaves a window of exposure that may already have been exploited [1]. Aikido’s Raphael Silva warns that the fallout could be extensive, as stolen credentials can be reused to compromise downstream repositories and enterprise environments [1].
TeamPCP’s approach mirrors a growing trend of multi‑stage supply‑chain attacks that first steal publishing credentials, then use them to inject malicious code into high‑value packages. Similar tactics have recently appeared in attacks on the lightning PyPI package and Intercom’s npm SDK, suggesting the group is expanding across ecosystems [1]. While the exact initial breach vector for the SAP packages remains unconfirmed, a misconfigured CircleCI token in the mbt repository is a leading hypothesis [1].
The Mini Shai‑Hulud incident underscores the heightened risk to enterprise software supply chains when high‑profile, widely used packages are targeted, and it raises questions about how quickly organizations can detect and remediate credential theft across complex CI/CD environments.
Coverage is mostly measured — 8 of 8 reports stay neutral.
Every Monday — the token unlocks, Fed dates & catalysts set to move crypto and markets this week. So you’re never blindsided.
Free · 3-min read · one-click unsubscribe
AI-assisted synthesis by the TrendWatcher Editorial Desk · sourced from 2 outlets · Jul 18, 2026 · How we report
Injective filed a transfer agent registration with the SEC to maintain on‑chain ownership records for tokenized securities.
No, the filing is pending and the SEC may request additional information before making a final determination.
No, the malicious package had zero downloads and was removed before any developers could use it, so no funds were at risk.
Injective deprecated the affected package versions, released clean replacements, and implemented additional protections for its npm supply chain.
The network can settle transactions in less than one second, allowing ownership updates to occur almost instantly.