SlowMist: Project teams should be wary of the latest variant of NPM supply chain attacks, Shai-Hulud 3.0.

PANews reported on December 29th that 23pds, Chief Information Security Officer of SlowMist Technology, issued a security alert: a new variant of the NPM supply chain attack, "Shai-Hulud 3.0," has resurfaced. Projects and platforms are urged to take precautions. Previously, it was suspected that the Trust Wallet API key leak was caused by the Shai-Hulud 2.0 attack. Shai-Hulud is a series of self-propagating worm-like supply chain attacks targeting the NPM ecosystem, used to steal developer credentials, cloud keys, and environment secrets. The latest variant (referred to by the community as Shai-Hulud 3.0 or the new strain) was discovered on December 28, 2025, by Charlie Eriksen, a researcher at Aikido Security. Currently, its spread is limited and may only be in the testing phase.

Author: PA一线
