https://allbluesecurity.com Security updates, practical field notes, and deep dives from All Blue Security. en https://allbluesecurity.com/blog/sap-npm-backdoor/ Four SAP npm packages were backdoored with a preinstall hook that fetches the Bun runtime and executes an 11.7 MB credential harvester, draining GitHub tokens, cloud secrets, and live CI pipeline secrets from memory. Wed, 29 Apr 2026 00:00:00 +0000 https://allbluesecurity.com/blog/sap-npm-backdoor/ https://allbluesecurity.com/blog/lightning-pypi-backdoor/ The Mini Shai-Hulud campaign reaches PyPI: two malicious versions of the lightning Python package harvest developer credentials, cloud secrets, and wallet data from affected machines. Thu, 30 Apr 2026 00:00:00 +0000 https://allbluesecurity.com/blog/lightning-pypi-backdoor/ https://allbluesecurity.com/blog/axios-npm-hijack/ A breakdown of the March 2026 axios supply-chain attack: how the maintainer account was hijacked, how the RAT was deployed, and how to check if you were affected. Tue, 31 Mar 2026 00:00:00 +0000 https://allbluesecurity.com/blog/axios-npm-hijack/