SlowMist: Project teams should be wary of the latest variant of NPM supply chain attacks, Shai-Hulud 3.
SlowMist Technology Chief Information Security Officer 23pds issued a security warning, the latest variant of the NPM supply chain attack "Shai-Hulud 3" is attacking again, please all project parties and platforms pay attention to prevention. Previously, the suspected Trust Wallet API key leak may have been caused by the Shai-Hulud 2 attack.Shai-Hulud is a series of self-propagating worm-like supply chain attacks targeting the NPM ecosystem, used to steal developer credentials, cloud keys, and environment secrets. The latest variant (referred to by the community as Shai-Hulud 3 or new strain) was discovered by Aikido Security researcher Charlie Eriksen on December 28, 2025. Currently, the spread is limited and may only be in the testing phase.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
0xSun: Perp DEX and prediction markets remain the two hottest topics in current crypto discussions
Bloomberg Analyst: All Asset Classes May Decline Next Year, Bitcoin Could Drop to $50,000
Bloomberg Analyst: All Asset Classes May See Broad Declines Next Year, Bitcoin Could Fall to $50,000
Bitcoin's Morning Rally Sees $2 Billion Increase in Long Positions
Trending news
MoreCrypto prices
More
