SAP Security Notes, May 2026
SAP Security Note 3747787 addresses the Mini Shai-Hulud malware campaign targeting SAP-related npm packages used in SAP cloud development. The incident involved malicious versions of packages associated with SAP CAP and MTA development tooling, including mbt, @cap-js/sqlite, @cap-js/postgres, and @cap-js/db-service. The compromised packages used a malicious preinstall script that executed during npm installation, downloaded the […]
Mini Shai-Hulud: Malware Targeting the Software Supply Chain for SAP Development Tools
On April 30, SAP released SAP Security Note 3747787 in response to the discovery of malicious code in npm packages connected to SAP development tools. The code is part of a malware campaign labelled Mini Shai-Hulud targeting the software supply chain for SAP cloud development. Shai-Hulud is a reference to the sandworms from the fictional […]
From SAP Logs to Security Intelligence: Integrating SAP with Splunk
Splunk is one of the world’s most widely used platforms for collecting, indexing, and analyzing data from across enterprise environments, including servers, applications, cloud services, and network devices. It is commonly used by security operations teams as a Security Information and Event Management (SIEM) platform to centralize log data, correlate events, detect threats, investigate incidents, […]