Sha1-Hulud
Official SAP npm packages compromised to steal credentials
Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal credentials and authentication tokens from developers’ systems. Security researchers report that the compromise impacted four packages, with the versions now deprecated on NPM: These packages support SAP’s Cloud Application Programming Model (CAP) and Cloud MTA, which […]
Trust Wallet links $8.5 million crypto theft to Shai-Hulud NPM attack
Trust Wallet believes the compromise of its web browser to steal roughly $8.5 million from over 2,500 crypto wallets is likely related to an “industry-wide” Sha1-Hulud attack in November. Trust Wallet, a crypto wallet used by over 200 million people, enables users to store, send, and receive Bitcoin, Ethereum, Solana, and thousands of other cryptocurrencies […]