SlowMist
SlowMist|5月 25, 2026 08:10
🚨 SlowMist TI Alert 🚨 MistEye has detected a cross-registry supply chain attack targeting developers through malicious packages published to npm, PyPI, and http://Crates.io. The campaign includes 34+ malicious packages and 384+ related versions. Targeted communities include crypto, DeFi, Solana, Sui/Move, and AI developers. Potential attacker actions include theft of crypto wallets, SSH keys, cloud credentials, GitHub/AWS tokens, browser data, environment variables, and developer secrets. Some payloads also attempt persistence through .cursorrules, CLAUDE.md, Git hooks, shell hooks, cron, systemd, and SSH. Remove affected packages immediately. Isolate impacted systems, preserve logs, rotate exposed credentials, rebuild CI runners and developer machines from clean images, and review GitHub, cloud, SSH, and wallet activity. As always, stay vigilant! https://enterprise.misteye.io/threat-intelligence/SM-2026-352284(SlowMist)
+5
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads