Mini Shai-Hulud: Malware Targeting the Software Supply Chain for SAP Development Tools
On April 30, SAP released SAP Security Note 3747787 in response to the discovery of malicious code in npm packages connected to SAP development tools. The code is part of a malware campaign labelled Mini Shai-Hulud targeting the software supply chain for SAP cloud development. Shai-Hulud is a reference to the sandworms from the fictional […]
How to Protect SAP Systems from SQL Injection Attacks Highlighted by FBI & CISA
The FBI and CISA have issued an urgent alert regarding the active exploitation of SQL injection vulnerabilities by cybercrime groups like CL0P (TA505). These attacks have resulted in significant ransomware extortion, underscoring the critical need for organizations to secure their software—especially custom applications running on platforms like SAP. This post breaks down the recent FBI […]
Securing Custom SAPUI5 Applications using the Cybersecurity Extension for SAP
SAPUI5 is the foundation of Fiori applications in SAP solutions such as SAP HANA and S/4HANA. It provides an HTML5 framework for developing flexible and user-friendly applications that perform consistently across all browsers, platforms, and devices, and integrate with ABAP programs using APIs such as OData services. The SAPUI5 library is based on the jQuery […]