🚨 SlowMist TI Alert 🚨
MistEye has detected a cross-registry supply chain attack targeting developers through malicious packages published to npm, PyPI, and The campaign includes 34+ malicious packages and 384+ related versions. Targeted communities include crypto, DeFi, Solana, Sui/Move, and AI developers.
Potential attacker actions include theft of crypto wallets, SSH keys, cloud credentials, GitHub/AWS tokens, browser data, environment variables, and developer secrets. Some payloads also attempt persistence through .cursorrules, CLAUDE.md, Git hooks, shell hooks, cron, systemd, and SSH.
Remove affected packages immediately. Isolate impacted systems, preserve logs, rotate exposed credentials, rebuild CI runners and developer machines from clean images, and review GitHub, cloud, SSH, and wallet activity.
As always, stay vigilant!
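A triage sketch for the persistence points the alert lists (.cursorrules, CLAUDE.md, Git hooks, shell hooks, cron, systemd, SSH), added here as an example and not SlowMist's or MistEye's tooling. The concrete paths are assumed Linux/macOS defaults, and the 7-day window is an assumed install date for the suspect package.

```python
import time
from pathlib import Path

# Typical Linux/macOS paths for the persistence points the alert names (assumed defaults).
HOME_TARGETS = {
    "shell-hook": [".bashrc", ".bash_profile", ".profile", ".zshrc", ".zprofile"],
    "ssh": [".ssh/authorized_keys", ".ssh/config", ".ssh/rc"],
    "systemd": [".config/systemd/user"],
}
REPO_TARGETS = {"agent-rules": [".cursorrules", "CLAUDE.md"], "git-hook": [".git/hooks"]}
SYSTEM_TARGETS = {"cron": ["/etc/crontab", "/etc/cron.d", "/var/spool/cron"],
                  "systemd": ["/etc/systemd/system"]}

def _files(path):
    """Yield regular files at or below path; unreadable entries are skipped."""
    try:
        if path.is_file():
            yield path
        elif path.is_dir():
            yield from (p for p in path.rglob("*") if p.is_file())
    except OSError:
        return

def triage(home, repos, since_epoch, system_targets=SYSTEM_TARGETS):
    """Return sorted (kind, path) pairs modified at or after since_epoch."""
    candidates = [(k, Path(home) / rel) for k, rels in HOME_TARGETS.items() for rel in rels]
    for repo in repos:
        candidates += [(k, Path(repo) / rel) for k, rels in REPO_TARGETS.items() for rel in rels]
    candidates += [(k, Path(p)) for k, paths in system_targets.items() for p in paths]
    findings = set()
    for kind, path in candidates:
        for f in _files(path):
            if kind == "git-hook" and f.suffix == ".sample":
                continue  # Git's inert template hooks
            try:
                if f.stat().st_mtime >= since_epoch:
                    findings.add((kind, str(f)))
            except OSError:
                continue
    return sorted(findings)

if __name__ == "__main__":
    # Assumption: the suspect package was installed within the last 7 days.
    cutoff = time.time() - 7 * 86400
    for kind, path in triage(Path.home(), [Path.cwd()], cutoff):
        print(f"{kind:12} {path}")
```

Modification times can be reset by a payload, so use the output to prioritise review rather than to clear a host. Hooks redirected through Git's `core.hooksPath` setting sit outside `.git/hooks` and need a separate check.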