BBG.FM
arrow_backBack to Radio
News

SlowMist: New Rust Supply Chain Malicious Activity IronWorm Attacks Web3 Ecosystem Through npm Packages

en
On June 4, according to SlowMist monitoring, a new Rust supply chain malware campaign named IronWorm is attacking developer environments and the Web3 ecosystem through malicious npm packages. Potential attack behaviors include credential theft, wallet mnemonic and password theft, GitHub repository tampering, malicious package publishing, CI/CD secret leakage, Tor-based command and control, and eBPF rootkit stealth. Security teams should audit rollback commits, suspicious branches, unexpected build hooks, and commits from automated identities such as claude, dependabot, renovate, or github-actions in their repositories. It is recommended to remove or deprecate affected package versions, publish clean versions, rotate all leaked keys and tokens, review GitHub Actions artifacts, and rebuild potentially compromised development or CI systems from clean images.
More News
US stocks closed lower across the board, with HOOD down over 6.53%.2026-06-05 20:07:04The Nasdaq 100 index extended its losses to 2.5%.2026-06-05 15:49:04Dragonfly Partner Haseeb: If Zcash Vulnerability Had Been Exploited, Losses Would Primarily Be Borne by Privacy Pool Holders2026-06-05 15:44:51Approximately 343,000 ETH in DeFi protocols are at risk of being liquidated.2026-06-05 15:36:44Bitwise CIO: Bitcoin and other risk assets retreated, while value stocks were relatively resilient; market concerns suggest tech giant IPOs may have peaked.2026-06-05 15:30:44
Share