According to blockchain security firm SlowMist, its threat monitoring system MistEye detected a sophisticated npm worm named ‘Mini Shai-Hulud’ spreading through developer projects including TanStack, UiPath, and DraftLab. The malware uses compromised GitHub credentials to publish packages disguised as legitimate updates, injecting a hidden script called router_init.js that runs silently in CI/CD environments like GitHub Actions. The worm targets CI/CD keys, cloud infrastructure credentials, and cryptocurrency wallet information, exfiltrating data via GitHub infrastructure. SlowMist advised affected projects to immediately scan CI/CD pipelines for router_init.js, rotate all exposed GitHub and cloud credentials, and monitor development environments for suspicious background activity.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
A Telegram username sold for a million-dollar price triggers a forged USDT phishing attack
According to Bits.media, reported on May 13, multiple Telegram usernames and virtual vanity numbers were sold on the Fragment auction platform at record-high TON token prices; within a few hours after the trades, the attacker launched a forged USDT attack on users of the TON blockchain NFT trading platform Getgems. A Chinese collector reportedly lost more than $800k in a virtual-number code. Fragment Platform Vanity Number Deal Records According to Bits.media, the major completed deals on the Fr
MarketWhisper52m ago
Telegram Usernames Sell for Record $2.1 Million in TON, Followed by Phishing Attacks
According to Bits.media, Telegram usernames and premium numbers sold for record-high prices in TON tokens on May 13, with @danbao fetching 1.58 million TON (approximately $2.1 million) from an anonymous buyer last weekend, marking the platform's highest transaction. Other premium numbers
GateNews1h ago
Aave and Kelp Complete First Step of rsETH Recovery, Destroy 117,132 rsETH on Arbitrum
According to ChainCatcher, Aave and Kelp have completed the first phase of their rsETH recovery plan, destroying attacker-held rsETH on Arbitrum. Over the coming days, the parties will gradually replenish funds to LayerZero's OFT adapter and phase in the restart of rsETH operations, with 117,132 rsE
GateNews3h ago
Bitcoin Network Flooded With 200,000 Fake Node Addresses Since April 9, Sparking Sybil Attack Concerns
According to Bitcoin developer Jameson Lopp, roughly 200,000 unreachable node addresses have been flooding Bitcoin's peer-to-peer network since April 9, 2026, raising concerns about a potential Sybil-style attack. The anomaly caused ADDR messages—the protocol nodes use to share peer addresses—to
GateNews7h ago
The U.S. DOJ charges three men from Tennessee for cross-state wrench attacks: robbed a California crypto holder of $6.5 million
The U.S. Department of Justice on May 12 filed federal charges against three Tennessee men: Elijah Armstrong, Nino Chindavanh, and Jayden Rucker. The three allegedly crossed state lines into California from November to December 2025, disguised themselves as delivery workers to break into the homes of cryptocurrency holders, then after restricting the victims’ movements with firearms, zip ties, and tape, forced them to transfer crypto assets, with the single largest amount reaching $6.5 million.I
ChainNewsAbmedia13h ago
Aurellion Suffers Attack, 455,003 USDC Drained Today
According to Slow Mist, decentralized shipping project Aurellion suffered an attack today (May 12), with attackers gaining control of the Diamond contract and draining 455,003 USDC from multiple authorized victim
GateNews16h ago
