Slow Fog: All project parties need to be vigilant about the latest variant of NPM supply chain attacks, Shai-Hulud 3

Dec 29, 2025 13:11:53

The Chief Information Security Officer of Slow Fog Technology, 23pds, has issued a security alert regarding the latest variant of the NPM supply chain attack, "Shai-Hulud 3." All project teams and platforms are advised to take precautions. It was previously suspected that the leak of the Trust Wallet API key could have led to the Shai-Hulud 2 attack.

Shai-Hulud is a series of self-propagating, worm-like supply chain attacks targeting the NPM ecosystem, aimed at stealing developer credentials, cloud keys, and environment secrets. The latest variant (referred to by the community as Shai-Hulud 3 or the new strain) was discovered on December 28, 2025, by Aikido Security researcher Charlie Eriksen. Its spread is currently limited, and it may only be in the testing phase.
