
Shai-Hulud Worm Exposure Underscores Demand for Software Supply Chain Security

In a recent LinkedIn post, OX Security is warning about a new variant of the Shai-Hulud worm found in SAP-related npm packages. According to the post, the affected packages account for roughly 2.2 million monthly downloads, and the worm has been used to steal developer credentials and publish them to more than 1,200 public GitHub repositories.

The post describes the incident as a supply chain attack in which malicious code runs automatically during package installation, harvesting tokens, secrets, and cloud credentials from any environment that installs the affected packages. It further indicates that the worm exfiltrates the stolen data through GitHub commits and uses the harvested credentials to spread to other repositories, developer machines, and continuous integration and delivery pipelines.

As outlined in the post, the exposed data may include API keys, CI/CD secrets, and credentials for major cloud providers such as AWS, GCP, and Azure, which puts the wider SAP developer ecosystem at risk. The company's recommendations are to rotate keys, enforce two-factor authentication, upgrade to patched package versions, and search GitHub for leaked data under a specific commit message the post identifies; wherever those indicators are found, the affected environment should be treated as compromised.

For investors, the post highlights both the severity and the visibility of the software supply chain threats that OX Security targets with its products. Heightened awareness of such incidents can support demand for supply chain security and DevSecOps tools and strengthen the company's position in a growing market for developer-focused cybersecurity, though the post gives no direct information about revenue or customer adoption.
