SlowMist: Project teams should be wary of the latest variant of NPM supply chain attacks, Shai-Hulud 3.
SlowMist Technology Chief Information Security Officer 23pds has issued a security warning: the latest variant of the NPM supply chain attack, "Shai-Hulud 3", is attacking again, and all project teams and platforms should take preventive measures. Previously, the suspected Trust Wallet API key leak may have been caused by the Shai-Hulud 2 attack.

Shai-Hulud is a series of self-propagating, worm-like supply chain attacks targeting the NPM ecosystem, used to steal developer credentials, cloud keys, and environment secrets. The latest variant (referred to by the community as Shai-Hulud 3 or the new strain) was discovered by Aikido Security researcher Charlie Eriksen on December 28, 2025. Currently, its spread is limited, and it may only be in the testing phase.
