
23pds (山哥)
@im23pds
Dad/@SlowMist_Team Partner&CISO/#Web3 Security Researcher/RedTeam/Pentester/AI Security Hunter #bitcoin
6K Following    15.2K Followers
🚨Analysis of the Supply Chain Poisoning Attack on the Official Mistral AI SDK 🚨
SlowMist’s MistEye threat monitoring system has identified a malicious version of the official Mistral AI Python SDK: mistralai==2.4.6. Unlike typical typosquatting attacks, this was not a fake package. The malicious code was injected directly into the official SDK release pipeline.
🔍 Key Findings
• Malicious code hidden in the SDK import entry point
• Silent download of a remote payload disguised as transformers.pyz
• Theft of cloud credentials, SSH keys, CI/CD tokens, password manager data, Kubernetes Secrets, and more
• 1/6 probability of triggering rm -rf /* on systems associated with Israel or Iran
• Strong attribution links to the previously disclosed Shai-Hulud supply chain attack framework through the same 4096-bit RSA public key
Our analysis reconstructs the full attack chain, persistence mechanisms, encrypted exfiltration workflow, and the correlation between the Python and TypeScript attack frameworks. Full article👇
We recently issued an alert regarding the active supply chain attack targeting the foundational Node.js library node-ipc (malicious versions: 9.1.6, 9.2.3, 12.0.1). ✍️We have now published a detailed technical analysis covering the attack background, payload deobfuscation, credential stealing & DNS tunneling exfiltration, trigger mechanisms, and remediation recommendations. 📖 Full Analysis:
RIP for all 6 entries. The last-minute patch turned out quite solid. So I decided to give my exploit a proper goodbye. Enjoy!
So proud of the @ledger team for making clear signing on Ethereum a reality. They built in the open, brought together stakeholders across the ecosystem, and created the 7730 standard as a public good for Ethereum.
🚨 MistEye TI Alert 🚨 MistEye has detected a highly sophisticated npm worm, "Mini Shai-Hulud," spreading through trusted developer projects like TanStack, UiPath, and DraftLab. The attackers hijacked GitHub credentials to publish malicious, yet seemingly legitimate, package updates. The malware injects a heavily disguised hidden script (router_init.js) that runs silently in the background of CI/CD environments (like GitHub Actions). It is specifically designed to harvest highly sensitive data, including CI/CD secrets, cloud infrastructure keys, and cryptocurrency wallets. The stolen data is then stealthily smuggled out using GitHub's own infrastructure. We have synchronized these critical IOCs with our clients. If your projects utilize the affected packages, immediate action is required: please audit your CI/CD pipelines for the presence of the router_init.js file, rotate all exposed GitHub, cloud, and crypto credentials, and closely monitor your development environments for any unauthorized background activity. As always, stay vigilant!
🚨SlowMist TI Alert🚨
💸 @Aurellion_Labs Loss: 455,003 USDC (~$455,003)
🔍 Root Cause: Unprotected initialize(address varg0) in SafeOwnable Facet. Diamond set owner via non-initialize path without updating _initialized version slot (bytes 0-7 of 0xf0c57e...) from 0, allowing re-init by attacker to overwrite owner, call diamondCut to inject malicious facet with pullERC20, and drain approved USDC.
📌 Victim Contract: 0x0adc63e71b035d5c7fdb1b4593999fa1f296f1b2
📌 Vulnerable Facet: 0x3ca79c1cf29b8d19f7c643bb6e6bc9c49762e70f
📌 Attacker EOA: 0x9f49591a3bf95b49cd8d9477b4481ce9da68d5ca
Attacker seized Diamond ownership and drained USDC from approved victims including 0x2e933518..., 0xa90714a1..., 0xeced2d37.... Powered by #SlowMist.AI
🚨SlowMist TI Alert🚨
💸 Loss: 140,180 USDT (140,180,175,562 tokens)
🔍 Root Cause: Missing access control in addUsers (0x4777ff62) function of PayrollDistribution. Anyone can register users for existing drop and set arbitrary totalAmount.
📌 Attacker: 0x90b147592191388e955401af43842e19faa87ee2
📌 Victim: 0xa184af4b1c01815a4b57422a3419e4fb78a96ee4
📌 Vulnerable Contract: 0xef2c77f3b9b8aaa067239bc6b4588bae26433494
Attacker registered exploit contract via addUsers in constructor, flash loaned USDT deposit, claimed oversized payroll from drop #3. Powered by #SlowMist.AI
cool
Tomorrow, we’re releasing the full technical walkthrough for CVE-2026-5865, a Chrome V8 0-day found by our AI security agent "Vega". More Linux kernel and Chrome 0-day writeups are coming later this month. Stay tuned, and follow our bug list for updates:
Great Vuln!👏
💥 Introducing "Dirty Frag" A universal Linux LPE chaining two vulns in xfrm-ESP and RxRPC. A successor class to Dirty Pipe & Copy Fail. No race, no panic on failure, fully deterministic. ~9 years latent. Ubuntu / RHEL / Fedora / openSUSE / CentOS / AlmaLinux, and more. Even if you've applied the "Copy Fail" mitigation, your Linux is still vulnerable to "Dirty Frag". Apply the Dirty Frag mitigation. Details:
🚨 A typical AI Agent security incident recently occurred on the Base chain. An attacker sent a carefully crafted Morse code message to @grok, inducing it to output transfer instructions. @bankrbot then directly parsed and executed those instructions, ultimately leading to the transfer of real on-chain assets.
Our analysis found that the core issue was NOT that Grok held private keys. Instead, the real problem was:
• Untrusted #AI natural language outputs were treated as executable financial commands
• Permission isolation was insufficient
• Trust boundaries between AI output and execution systems were poorly defined
This incident highlights the growing security risks at the intersection of AI + Crypto Agents.⚠️ Full analysis 👇