PANews|Dec 29, 2025 05:11
[SlowMist: Project teams must beware of the latest variant of NPM supply chain attack, Shai-Hulud 3.0]
SlowMist Technology Chief Information Security Officer 23pds has issued a security alert regarding the latest variant of the NPM supply chain attack, 'Shai-Hulud 3.0,' which has resurfaced. Project teams and platforms are advised to take precautions. Previously, the suspected Trust Wallet API key leak may have been caused by the Shai-Hulud 2.0 attack. Shai-Hulud is a series of self-propagating worm-style supply chain attacks targeting the NPM ecosystem, designed to steal developer credentials, cloud keys, and environment secrets. The latest variant (referred to by the community as Shai-Hulud 3.0 or the new strain) was discovered on December 28, 2025, by Aikido Security researcher Charlie Eriksen. Its current spread is limited and may only be in the testing phase.
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink