PANews reported on June 4th that, according to SlowMist monitoring, a new Rust supply chain malware campaign called IronWorm is attacking developer environments and the Web3 ecosystem through malicious npm packages. Potential attack behaviors include credential theft, wallet mnemonic phrase and password theft, GitHub repository tampering, malicious package distribution, CI/CD confidentiality leaks, Tor-based command control, and eBPF rootkit stealth. Security teams should audit backtracking commits, suspicious branches, accidental build hooks, and commits using automated identities such as claude, dependabot, renovate, or github-actions in repositories. It is recommended to remove or deprecate affected package versions, release clean versions, rotate all leaked keys and tokens, review GitHub Actions artifacts, and rebuild potentially compromised development or CI systems from clean images.