Supply Chain | May 1, 2026

🤢 UGLY - Official SAP npm packages compromised in supply chain attack - Attackers targeted devel...

Official SAP npm packages compromised in supply chain attack targeting developer credentials.

Summary

Attackers compromised official SAP packages on the npm registry, injecting malicious code to steal developer credentials and authentication tokens. This supply chain attack leveraged the trust developers place in official vendor packages to gain access to downstream systems and potentially sensitive infrastructure.

Indicators of Compromise

  • malware — SAP npm package injection

Entities

SAP (vendor), npm (technology), developer credentials (technology)