SAP NPM Supply Chain Compromise – Malicious Packages Stealing Developer Credentials
Scope: SAP NPM Packages / Developer Environments
Severity: Red
A supply chain attack targeting official SAP NPM packages allowed threat actors to inject credential-harvesting code that, upon installation or update, exfiltrates API keys, tokens, and environment variables to attacker-controlled infrastructure. Because the code executes when the package is installed, the compromise can propagate through CI/CD pipelines into enterprise systems and cloud services, enabling lateral movement and poisoning of downstream software releases. Organizations should remove compromised packages, rotate all credentials immediately, and enforce dependency integrity verification and package version pinning.
The Uganda National CERT and Coordination Center (CERT.UG/CC) encourages users and administrators to review the recommendations and apply the necessary updates.