MistEye Flags Cross-Registry Supply-Chain Attack Aimed at Crypto and AI Developers
According to ME News, citing a BlockBeats report dated May 25 (UTC+8), security firm MistEye has uncovered a cross-registry software supply-chain attack. The threat actors uploaded malicious packages to npm, PyPI, and crates.io, focusing on developers across cryptocurrency, decentralized finance (DeFi), Solana, Sui/Move, and AI.
MistEye identified more than 34 malicious packages spanning over 384 related versions. The campaign may have been used to steal sensitive data including crypto wallet information, SSH keys, cloud credentials, GitHub/AWS tokens, browser data, and environment variables. Some payloads also attempted to establish persistence through methods such as .git hooks, shell hooks, and SSH.
MistEye recommends developers remove the affected packages immediately, isolate any compromised systems, preserve logs, rotate exposed credentials, rebuild development and production environments from trusted images, and review incident logs on relevant platforms. (Source: MLion)
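The report names .git hooks as one of the persistence methods. As an added example (not MistEye's tooling and not part of the original report), the following Python script lists what a responder would check first on a developer machine: hook files that Git would treat as live, and repositories whose `core.hooksPath` points elsewhere. The function names and the choice to scan the home directory are assumptions made for this example.

```python
import os
import re

SECTION = re.compile(r'^\s*\[([^\]\s"]+)')
HOOKS_PATH = re.compile(r"^\s*hookspath\s*=\s*(.+?)\s*$", re.IGNORECASE)

def hooks_path_override(config_file):
    """Return the core.hooksPath value set in a repo config, or None."""
    section = None
    try:
        with open(config_file, encoding="utf-8", errors="replace") as fh:
            for line in fh:
                m = SECTION.match(line)
                if m:
                    section = m.group(1).lower()
                    continue
                m = HOOKS_PATH.match(line)
                if m and section == "core":
                    return m.group(1)
    except OSError:
        pass  # missing or unreadable config: nothing to report
    return None

def audit_git_hooks(root):
    """Walk root and return (repo, finding) pairs that need manual review."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        if ".git" not in dirnames:
            continue
        git_dir = os.path.join(dirpath, ".git")
        hooks_dir = os.path.join(git_dir, "hooks")
        if os.path.isdir(hooks_dir):
            for name in sorted(os.listdir(hooks_dir)):
                # Git's shipped templates end in .sample and are never run;
                # anything else is flagged, executable or not.
                if not name.endswith(".sample"):
                    findings.append((dirpath, "active hook: " + name))
        override = hooks_path_override(os.path.join(git_dir, "config"))
        if override:
            findings.append((dirpath, "core.hooksPath -> " + override))
        dirnames.remove(".git")  # do not descend into the object store
    return findings

if __name__ == "__main__":
    # Assumption: developer checkouts live under the home directory.
    for repo, finding in audit_git_hooks(os.path.expanduser("~")):
        print(repo + ": " + finding)
```

A finding is a prompt for review, not proof of compromise, since many projects install legitimate hooks. Submodules and linked worktrees, where `.git` is a file rather than a directory, and a `core.hooksPath` set in the user-level Git config are outside what this script covers.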