:

SUPPLY CHAIN ATTACKS HIT SAP, INTERCOM, LIGHTNING

AI DESK2 MIN READ
FRI, MAY 1, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Security researchers have identified a coordinated supply chain campaign targeting popular development packages, compromising npm modules used by SAP and Intercom, as well as the PyPI package Lightning. The attack group calls itself Mini Shai-Hulud.

The latest wave of supply chain attacks has expanded its footprint, affecting widely-used packages across multiple ecosystems. Researchers discovered that threat actors successfully compromised packages relied upon by major enterprise software providers and communication platforms. The compromised npm packages include tools used by SAP and Intercom, two significant players in enterprise software and customer communication platforms respectively. Additionally, the Lightning package on PyPI, Python's official package repository, was also targeted in the same campaign. Supply chain attacks have become an increasingly common vector for threat actors seeking to distribute malware at scale. By compromising legitimate packages that developers download and integrate into their applications, attackers can potentially reach thousands of organizations with a single compromised release. The attackers behind this campaign have identified themselves as Mini Shai-Hulud, though the significance of the name remains unclear. The group's targeting of both JavaScript and Python ecosystems suggests a broad approach to penetrating development infrastructure. These attacks underscore the vulnerability of open-source software supply chains, where packages are often maintained by small teams with limited security resources. Organizations relying on affected packages are advised to review their dependencies and update to patched versions when available. Security experts continue to stress the importance of package verification, dependency scanning, and monitoring for unusual package behavior. The frequency of these supply chain compromises highlights the need for stronger security practices across software development environments and repository platforms.

■ SOURCES

Techmeme

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.

2H AGOAI Desk

A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.

4H AGOIndustry Desk

Vancouver Police Department has implemented a discreet button on its website that instantly closes the page and clears browser history when clicked. The feature is designed to help domestic violence survivors quickly hide their browsing activity.

4H AGOIndustry Desk

Europe's digital identity wallet age verification system will only work on iOS and Android devices, excluding alternative mobile platforms. The technical specification has drawn criticism from privacy advocates and open-source developers.

9H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.