Sap

The Mini Shai-Hulud campaign injected malicious code into SAP NPM packages, targeting credentials and cloud secrets related to SAP Cloud Application Programming (CAP) and SAP cloud deployment workflows, exfiltrating data through public GitHub repositories.

CVE-2026-27681 describes an insufficient authorization check vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse that allows authenticated users to execute crafted SQL statements, leading to unauthorized data access, modification, and deletion.