SlowMist
SlowMist|Jun 26, 2026 03:43
🚨 SlowMist TI Alert 🚨 The Mini Shai-Hulud, Miasma, and Hades malware family, now expanding beyond npm into the Go module ecosystem. Affected Go modules: http://github.com/verana-labs/verana@v0.10.1-dev.20 http://github.com/verana-labs/verana@v0.10.1-dev.20.0.20260624204443-73b8dc60cfa6 http://github.com/verana-labs/verana is a Cosmos SDK-based Layer 1 blockchain project for decentralized trust and verifiable registry infrastructure. The compromised repository contains obfuscated payloads under .claude/, execution logic in .claude/setup.mjs and .vscode/setup.mjs, and VS Code/AI assistant workflow hooks that may trigger payload execution when the repository is opened. This is not a traditional Go build-time compromise. The risk lies in source-repository and developer-environment abuse through IDE automation, AI hooks, and hidden workspace configuration. Security teams should avoid opening untrusted repositories with IDE automation enabled, audit .claude and .vscode files, and rotate any potentially exposed developer, cloud, repository, and CI/CD credentials. Special thanks to @SocketSecurity for the excellent discovery. As always, stay vigilant! https://enterprise.misteye.io/threat-intelligence/SM-2026-974234(SlowMist)
+4
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads