T1195.001 Compromise Software Dependencies and Development Tools
99%
“"A mini Shai-Hulud has appeared": Bun-based stealer hits SAP @cap-js and mbt npm packages. April 29, 2026. On April 29, 2026, attackers published malicious versi…”
T1195.001 Compromise Software Dependencies and Development Tools
97%
“day) reads: "On April 29, 2026, a supply chain attack compromised the repository — an unauthorized actor pushed malicious commits that hijacked the release workflow and triggered unauthorized npm publications. The attacker was able to publish compromised packages because the w…”
T1195.001 Compromise Software Dependencies and Development Tools
93%
“before. The original Shai-Hulud campaign in September 2025 hit @ctrl/tinycolor, ngx-bootstrap, ng2-file-upload, and a long tail of dependents (Snyk's zero-day vulnerability report tracked it as it unfolded). The follow-on wave Sha1-Hulud in November 2025 expa…”
T1195.001 Compromise Software Dependencies and Development Tools
93%
“. The campaign reuses the Shai-Hulud name (the dead-drop repositories are tagged with it) and includes functional npm self-propagation code per StepSecurity's full deobfuscation. As of publication, only the four originally compromised packages have been observed in the …”
T1195.001 Compromise Software Dependencies and Development Tools
89%
“/sqlite@2.2.2 was unpublished from npm shortly after detection. The remaining malicious versions carry npm deprecation strings: mbt@1.2.48 is flagged with "security: this version contains malicious code. do not use." while the @cap-js/* malicious versions read "…”
T1195.001 Compromise Software Dependencies and Development Tools
89%
“self-publishing: the code is present and functional per StepSecurity's static deobfuscation. The payload harvests npm tokens with the regex /npm_[A-Za-z0-9]{36,}/g, validates each one against registry.npmjs.org/-/npm/v1/tokens (filtering for bypass_2fa…”
T1195.001 Compromise Software Dependencies and Development Tools
89%
“new persistence mechanism. Defensive priorities (lockfile audit, credential rotation, lifecycle script policy) are the same either way. How the attack works: the compromise pattern is consistent across all four packages: the malicious tarball preserves the legitimate package fi…”
T1195.001 Compromise Software Dependencies and Development Tools
83%
“Anthropic's claude-code #49778 on the SessionStart hook was filed twelve days earlier and remains open without an Anthropic response, citing a real-world precedent in the cozempic supply chain audit. The Trivy AI-agent compromise (CVE-2026-28353) in March 2026 went…”
T1195.001 Compromise Software Dependencies and Development Tools
82%
“. The injected workflow uses ${{ toJSON(secrets) }} to dump every repository secret into a build artifact named format-results.txt. Daemonization on developer machines: on non-CI hosts, the payload forks itself as a detached background process tagged with the env var _…”
T1195.001 Compromise Software Dependencies and Development Tools
77%
“range can pull @cap-js/db-service@2.10.1 (the malicious version) as a transitive without anyone listing it directly. For Snyk customers, snyk test and snyk monitor will surface the malicious versions against the four advisories listed above. The Snyk Advisor pages fo…”
T1587 Develop Capabilities
76%
“"A mini Shai-Hulud has appeared": Bun-based stealer hits SAP @cap-js and mbt npm packages. April 29, 2026. On April 29, 2026, attackers published malicious versi…”
T1195.001 Compromise Software Dependencies and Development Tools
71%
“hook attack vector itself was reported to npm in 2016 and marked working as intended, as paulirish reflagged on Hacker News; a decade later, it remains the most-exploited surface in the ecosystem. Snyk has more on this in npm security best practices and a longer treatment of u…”
T1195.001 Compromise Software Dependencies and Development Tools
67%
“…mjs.org and the GitHub API: 09:55:25: mbt@1.2.48 published from thecloudmtabot npm account. 10:01:07: first victim dead-drop repository appears on GitHub (gruposbftechrecruiter/siridar-navigator-935, per GitHub API timestamps). 11:25:47: @cap-j…”
T1587 Develop Capabilities
59%
“/sqlite@2.2.2 was unpublished from npm shortly after detection. The remaining malicious versions carry npm deprecation strings: mbt@1.2.48 is flagged with "security: this version contains malicious code. do not use." while the @cap-js/* malicious versions read "…”
T1195.001 Compromise Software Dependencies and Development Tools
48%
“additions. Pin to clean versions. For the three @cap-js packages, prefer SAP's post-incident releases (@cap-js/db-service@2.11.0, @cap-js/sqlite@2.4.0, @cap-js/postgres@2.3.0) as the forward pin and the pre-incident versions (2.10.0, 2.…”
T1195.001 Compromise Software Dependencies and Development Tools
43%
“CLI and Advisor pages). Both prior campaigns demonstrated worm behavior: the payload would harvest a victim's npm token, then use it to publish itself into every other package the token had write access to. Public attention has tracked accordingly: the Wikipedia article on t…”
T1195.001 Compromise Software Dependencies and Development Tools
40%
“contains a single README.md plus one or more files at results/results-<unix-ms>-<counter>.json. Direct inspection of one live victim repo by external researchers confirmed the file format: because the wrapping key is the attacker's RSA-4096 public key, the cont…”
T1195.001 Compromise Software Dependencies and Development Tools
36%
“…ffs. Treat additions in either file as a potential supply chain signal, even if they look like routine dependency hygiene commits. For SOC and detection engineering teams, the Microsoft Defender KQL queries published in m4nbat/100_days_of_kql_2026 (day 17) catch the…”
T1587 Develop Capabilities
35%
“new persistence mechanism. Defensive priorities (lockfile audit, credential rotation, lifecycle script policy) are the same either way. How the attack works: the compromise pattern is consistent across all four packages: the malicious tarball preserves the legitimate package fi…”
T1204.002 Malicious File
33%
“…nyk has seen elsewhere this year, including the Axios cross-platform RAT incident where the install hook reached out for a native binary delivered through a separate dependency. For mbt, the diff between 1.2.47 (clean) and 1.2.48 (malicious) looks like this: preinsta…”
Summary
A new npm supply chain attack self-branded "Mini Shai-Hulud" compromised four SAP-ecosystem packages on April 29, 2026. Snyk has live advisories. Here's the technical breakdown, IOCs, and what to do.