π New Variant of NPM Supply Chain Attack Emerges
#NPM #supplychainattack #ShaiHulud #ShaiHulud3.0 #securityalert #SlowMist #developercredentials #cloudkeys #environmentsecrets #AikidoSecurity #CharlieEriksen #cybersecurity #TrustWallet
According to BlockBeats, a security alert has been issued by SlowMist Technology's Chief Information Security Officer, 23pds, regarding a new variant of the NPM supply chain attack known as 'Shai-Hulud 3.0.' Project teams and platforms are advised to take preventive measures. Previously, it was suspected that the Trust Wallet API key leak might have been caused by the Shai-Hulud 2.0 attack.
Shai-Hulud is a series of self-propagating worm-like supply chain attacks targeting the NPM ecosystem, aimed at stealing developer credentials, cloud keys, and environment secrets. The latest variant, referred to by the community as Shai-Hulud 3.0 or the new strain, was discovered on December 28, 2025, by Aikido Security researcher Charlie Eriksen. Currently, its spread is limited, suggesting it may still be in the testing phase.#NPM #supplychainattack #ShaiHulud #ShaiHulud3.0 #securityalert #SlowMist #developercredentials #cloudkeys #environmentsecrets #AikidoSecurity #CharlieEriksen #cybersecurity #TrustWallet
π New Phishing Technique and Malware Threats Identified in 2025 Security Analysis
#Phishing #Malware #CyberSecurity #SecurityAnalysis #2025Threats #SlowMist #PhishingTechniques #MaliciousPrograms #DataProtection #SocialMediaSecurity #CyberAttack
According to BlockBeats, SlowMist released its security incident analysis for the fourth quarter of 2025, highlighting a new, more covert phishing technique. This method allows users to be redirected to phishing sites even when they manually enter the correct official domain name. Victims have reported that despite entering the correct address, their browsers automatically complete it with a counterfeit domain created by attackers. This issue is not due to user error but rather because attackers have polluted the browser's history through ads, social media guidance, or fake announcements. Once the phishing domain is stored in the browser's autocomplete logic, users are redirected to a fake site that closely resembles the official website.
Additionally, there is a resurgence in computer malware attacks. Attackers often use phishing links, private messages in social tools, or so-called "resource downloads" to quietly implant malicious programs into users' local environments. Once a device is infected, data related to wallets is at risk.#Phishing #Malware #CyberSecurity #SecurityAnalysis #2025Threats #SlowMist #PhishingTechniques #MaliciousPrograms #DataProtection #SocialMediaSecurity #CyberAttack
π User Loses $1.08 Million in Aave Ethereum LBTC Due to Malicious Signature
#Aave #Ethereum #LBTC #phishing #malicioussignature #ScamSniffer #SlowMist #Cosine #TornadoCash #crypto #hack #ETH
According to PANews, a user has reportedly lost 12 Aave Ethereum LBTC (aEthLBTC), valued at approximately $1.08 million, after signing a malicious 'permission' signature. The incident was detected by Scam Sniffer. SlowMist's Cosine noted that the phishing group responsible for this attack is not among the mainstream ones. The stolen funds were quickly converted into ETH and laundered through Tornado Cash.#Aave #Ethereum #LBTC #phishing #malicioussignature #ScamSniffer #SlowMist #Cosine #TornadoCash #crypto #hack #ETH
π MetaMask Users Warned of New 2FA Scam
#MetaMask #2FAScam #Odaily #SlowMist #CyberSecurity #AccountProtection
According to Odaily, SlowMist Technology's Chief Information Security Officer, @im23pds, has issued a warning on the X platform about a new '2FA security verification' scam targeting MetaMask users. Users are advised to remain vigilant and take necessary precautions to protect their accounts.#MetaMask #2FAScam #Odaily #SlowMist #CyberSecurity #AccountProtection
π Potential Security Flaw Detected in Fusion Project
#SecurityFlaw #FusionProject #ChainCatcher #SlowMist #MistEye #EOAAccount #EIP7702 #ExternalCalls #MaliciousContracts #PlasmaVault #Vulnerability
According to ChainCatcher, SlowMist has reported on the X platform that MistEye has identified potential suspicious activity related to the Fusion project. The root cause is a vulnerability in the foundational contract delegated by an EOA account controlled by the project team through EIP-7702. This flaw permits arbitrary external calls, enabling attackers to create and configure malicious circuit breaker contracts for PlasmaVault, allowing them to extract funds from the contract.#SecurityFlaw #FusionProject #ChainCatcher #SlowMist #MistEye #EOAAccount #EIP7702 #ExternalCalls #MaliciousContracts #PlasmaVault #Vulnerability
π Truebit Protocol Faces Security Breach Due to Integer Overflow Vulnerability
#TruebitProtocol #SecurityBreach #IntegerOverflow #Vulnerability #SlowMist #ForesightNews #Ethereum #TRUtokens #Solidity #SafeMath #TornadoCash #BlockchainSecurity #ETH
According to Foresight News, the SlowMist security team has released an analysis report on the security incident involving Truebit Protocol. On January 8, Truebit Protocol was attacked due to an integer overflow vulnerability in its Purchase contract, allowing the attacker to mint TRU tokens at nearly zero cost and steal 8,535 Ethereum. The root cause was identified as the lack of overflow protection mechanisms in the contract, leading to incorrect price calculations. The stolen funds were subsequently transferred to Tornado Cash. It is recommended that contracts compiled with versions of Solidity prior to 0.8.0 should always use SafeMath to protect all arithmetic operations and prevent overflow-related logical defects.#TruebitProtocol #SecurityBreach #IntegerOverflow #Vulnerability #SlowMist #ForesightNews #Ethereum #TRUtokens #Solidity #SafeMath #TornadoCash #BlockchainSecurity #ETH
π [ContractVulnerability] Shift in DeFi Security Approach Advocated by a16z Researcher
#DeFi #Security #a16z #Blockchain #Vulnerabilities #InvariantChecks #Crypto #HackerAttacks #AI #SmartContracts #Slowmist #Immunefi #GasCosts #SpecificationAsLaw #ChainCatcher
A senior security researcher at a16z Crypto, Daejun Park, has called for a shift in DeFi protocols from 'code as law' to 'specification as law,' advocating for a more principled security approach. According to ChainCatcher, Park suggests implementing standardized specifications and invariant checks to hard-code security measures, automatically reversing transactions that violate predefined rules. He notes that nearly all known vulnerabilities would trigger these checks, potentially preventing hacker attacks during execution.
A report from Slowmist highlights that hackers stole over $649 million last year through code vulnerabilities. Even established protocols like Balancer, which has been operational since 2021, suffered a $128 million loss due to code vulnerabilities in November last year. Developers are increasingly concerned about hackers using AI to find vulnerabilities.
The head of security at Immunefi points out that invariant checks could increase gas costs, potentially driving away users, and are not a cure-all solution. The co-founder of Asymmetric Research mentions that many vulnerabilities are challenging to write invariant rules for that can detect attacks without false positives.#DeFi #Security #a16z #Blockchain #Vulnerabilities #InvariantChecks #Crypto #HackerAttacks #AI #SmartContracts #Slowmist #Immunefi #GasCosts #SpecificationAsLaw #ChainCatcher
π SlowMist Completes Security Audit of Binance Wallet
#SlowMist #Binance #SecurityAudit #DigitalAssets #CyberSecurity #WalletSecurity #TechAudit #BlockchainSecurity #UserTrust #Cryptocurrency
Binance announced on X that SlowMist has successfully completed a comprehensive security audit of its wallet. The audit involved both manual analysis and automated tools to ensure the highest level of security. SlowMist approached the audit from an attackerβs perspective, meticulously examining both open-source and proprietary code to identify potential vulnerabilities.
The security audit aimed to bolster the wallet's defenses against potential threats, ensuring that users can manage their digital assets with confidence. By reviewing the wallet's code thoroughly, SlowMist sought to uncover any weaknesses that could be exploited by malicious actors. This proactive measure underscores Binance's commitment to maintaining a secure platform for its users.
The audit process involved a detailed examination of the wallet's architecture and functionality. SlowMist employed advanced techniques to simulate potential attack scenarios, providing a comprehensive assessment of the wallet's security posture. The findings from this audit will inform future enhancements to the wallet, further strengthening its security features.
This initiative reflects Binance's ongoing efforts to prioritize user security and trust. By collaborating with security experts like SlowMist, Binance aims to ensure that its platform remains resilient against evolving cyber threats. The completion of this audit marks a significant step in safeguarding user assets and maintaining the integrity of the Binance ecosystem.#SlowMist #Binance #SecurityAudit #DigitalAssets #CyberSecurity #WalletSecurity #TechAudit #BlockchainSecurity #UserTrust #Cryptocurrency
π OpenClaw Plugin Center Targeted by Supply Chain Attacks
#OpenClaw #ClawHub #SupplyChainAttacks #MaliciousSkills #Cybersecurity #Base64Encoding #SecurityBreach #Cryptocurrency #Automation #SecurityChecks #SystemCompromise #SlowMist #CommandReview #CyberThreat
OpenClaw's official plugin center, ClawHub, is currently facing supply chain attacks, according to Foresight News. The platform's lack of stringent review mechanisms has allowed numerous malicious Skills to infiltrate, spreading harmful code. To date, 341 malicious Skills have been identified, often disguised as tools for cryptocurrency, security checks, or automation.
Attackers are exploiting the SKILL.md file as an entry point for executing commands, using Base64 encoding to conceal malicious instructions. The attack employs a two-stage loading mechanism to evade detection. In the first stage, the payload is retrieved via curl, and in the second stage, a sample named dyrtvwjfveyxjf23 is deployed to trick users into entering system passwords and stealing local documents and system information.
Users are advised by SlowMist to review any commands that need to be copied and executed, be cautious of prompts requesting system permissions, and prioritize obtaining tools through official channels.#OpenClaw #ClawHub #SupplyChainAttacks #MaliciousSkills #Cybersecurity #Base64Encoding #SecurityBreach #Cryptocurrency #Automation #SecurityChecks #SystemCompromise #SlowMist #CommandReview #CyberThreat
π SlowMist MistEye Analyzes AI Agent Ecosystem Threats
#SlowMist #MistEye #AI #AgentEcosystem #ThreatIntelligence #Weaponization #CyberThreats #Security #AItechnology #CyberSecurity
23pds posted on X. SlowMist MistEye has released a new report focusing on the threat intelligence within the AI agent ecosystem. The report highlights the weaponization of skills and provides an analysis of attack chains. This development underscores the increasing sophistication of cyber threats as AI technologies continue to evolve. The report aims to enhance understanding and preparedness against potential security breaches in AI systems.#SlowMist #MistEye #AI #AgentEcosystem #ThreatIntelligence #Weaponization #CyberThreats #Security #AItechnology #CyberSecurity
π Apifox Desktop Client Faces Supply Chain Attack with Malicious Code Injection
#Apifox #DesktopClient #SupplyChainAttack #MaliciousCode #JavaScript #CredentialTheft #SensitiveDataExposure #RemoteCommandExecution #SecurityBreach #SlowMist #CyberSecurity #APILogs #TokenRevoke #PasswordReset #APIReview
Apifox's desktop client has been targeted in a supply chain attack, according to PANews. The official CDN-hosted front-end script files were injected with highly obfuscated malicious JavaScript code. Users affected by this breach may face risks such as credential theft, sensitive data exposure, and remote command execution, with the malicious code executing automatically and remaining highly concealed.
Security firm SlowMist advises users to immediately revoke all tokens, reset passwords, log out and log back in to invalidate sessions, block the domain *.apifox.it.com, clear local storage, and review API logs and any abnormal activities.#Apifox #DesktopClient #SupplyChainAttack #MaliciousCode #JavaScript #CredentialTheft #SensitiveDataExposure #RemoteCommandExecution #SecurityBreach #SlowMist #CyberSecurity #APILogs #TokenRevoke #PasswordReset #APIReview
π MoreLogin Opens Applications for 2026 Security Incident Support Plan
#MoreLogin #SecurityIncident #SupportPlan #Applications #PANews #Scams #CryptocurrencyTheft #SlowMist #Cosine #UserSupport #TechnicalVerification #PrivateKeys #SeedPhrases #WalletAuthorization
MoreLogin has announced the opening of applications for its 2026 Security Incident Special User Support Plan. According to PANews, eligible users must submit their applications through the official customer service portal within the MoreLogin client by March 29, 2026, at 23:59 (UTC+8). Support will be provided following technical verification and level assessment. Detailed rules are available in the official Medium announcement. The company warns users to be cautious of scams, emphasizing that the plan will only be processed through the clientβs customer service portal and will not request seed phrases, private keys, verification codes, or wallet authorization information via private messages.
Earlier, on March 17, it was reported by SlowMist's Cosine that MoreLogin users were potentially victims of a mass cryptocurrency theft, with hackers profiting approximately $85,000.#MoreLogin #SecurityIncident #SupportPlan #Applications #PANews #Scams #CryptocurrencyTheft #SlowMist #Cosine #UserSupport #TechnicalVerification #PrivateKeys #SeedPhrases #WalletAuthorization