Security researchers have identified a coordinated supply chain campaign targeting popular development packages, compromising npm modules used by SAP and Intercom, as well as the PyPI package Lightning. The attack group calls itself Mini Shai-Hulud.
The latest wave of supply chain attacks has expanded its footprint, affecting widely-used packages across multiple ecosystems. Researchers discovered that threat actors successfully compromised packages relied upon by major enterprise software providers and communication platforms.
The compromised npm packages include tools used by SAP and Intercom, two significant players in enterprise software and customer communication platforms respectively. Additionally, the Lightning package on PyPI, Python's official package repository, was also targeted in the same campaign.
Supply chain attacks have become an increasingly common vector for threat actors seeking to distribute malware at scale. By compromising legitimate packages that developers download and integrate into their applications, attackers can potentially reach thousands of organizations with a single compromised release.
The attackers behind this campaign have identified themselves as Mini Shai-Hulud, though the significance of the name remains unclear. The group's targeting of both JavaScript and Python ecosystems suggests a broad approach to penetrating development infrastructure.
These attacks underscore the vulnerability of open-source software supply chains, where packages are often maintained by small teams with limited security resources. Organizations relying on affected packages are advised to review their dependencies and update to patched versions when available.
Security experts continue to stress the importance of package verification, dependency scanning, and monitoring for unusual package behavior. The frequency of these supply chain compromises highlights the need for stronger security practices across software development environments and repository platforms.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.
Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.
A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.