Search results related to "SlowMist"

Content containing SlowMist
🚨 SlowMist TI Alert 🚨

MistEye has received critical threat intelligence regarding an active supply chain attack compromising node-ipc, a foundational Node.js library. The malicious releases have been identified as versions 9.1.6, 9.2.3, and 12.0.1.

Threat actors injected an obfuscated credential-stealing payload into the CommonJS bundle. Once loaded, it silently harvests over 90 categories of developer data—including AWS, Azure, GCP, SSH, K8s tokens, and Terraform states—and exfiltrates it to attacker-controlled infrastructure. We have synchronized this IOC with our clients immediately.

Detection & Remediation: Please urgently audit your environments for exposure:
• Dependencies: Run npm ls node-ipc --all to identify direct or transitive inclusions.
• Lockfiles: Search package-lock.json, yarn.lock, or pnpm-lock.yaml for the affected version ranges.
• CI/CD: Review pipeline jobs executed after May 14, 2026, that may have pulled loose semver updates (~9.1.x, ^12, etc.).

⚠️ Critical Action: If a compromised version was installed, assume certain compromise. Do not wait for exfiltration confirmation. Downgrade to a known safe version immediately and aggressively rotate all credentials, tokens, and environment secrets present on the affected machine or CI runner.

As always, stay vigilant!
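The lockfile audit recommended in the alert above, as an added example that is not part of the original post or SlowMist's tooling: it checks package-lock.json, yarn.lock and pnpm-lock.yaml text for node-ipc resolved to the three versions the alert names. The function names and the sample lockfile fragments are constructed for illustration.

```javascript
// Added example (not SlowMist's code): flag node-ipc resolved to the versions in the alert.
const AFFECTED = new Set(["9.1.6", "9.2.3", "12.0.1"]); // from the alert text

// package-lock.json: v2/v3 keep a flat "packages" map, v1 a nested "dependencies" tree.
function scanPackageLock(text) {
  const lock = JSON.parse(text), hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/node-ipc") && AFFECTED.has(meta.version))
      hits.push({ where: path, version: meta.version });
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      if (name === "node-ipc" && AFFECTED.has(meta.version))
        hits.push({ where: trail + "/" + name, version: meta.version });
      walk(meta.dependencies, trail + "/" + name);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// yarn.lock (classic and berry) and pnpm-lock.yaml, scanned line by line as text.
function scanTextLock(text) {
  const hits = [];
  let inYarnEntry = false;
  text.split(/\r?\n/).forEach((line, i) => {
    // pnpm package keys, e.g. "  /node-ipc@9.1.6:" or the older "  /node-ipc/9.1.6:"
    const pnpm = line.match(/^\s+'?\/?node-ipc[@/](\d+\.\d+\.\d+)(?:[(_][^:]*)?'?:\s*$/);
    if (pnpm && AFFECTED.has(pnpm[1])) hits.push({ where: "line " + (i + 1), version: pnpm[1] });
    // yarn: an unindented header naming node-ipc, followed by an indented version line
    if (/^\S/.test(line)) inYarnEntry = /(^|, )"?node-ipc@/.test(line);
    const ver = inYarnEntry && line.match(/^\s+version:?\s+"?([^"\s]+)"?/);
    if (ver && AFFECTED.has(ver[1])) hits.push({ where: "line " + (i + 1), version: ver[1] });
  });
  return hits;
}

// Constructed sample lockfile fragments (not taken from any real project).
const SAMPLE_NPM = JSON.stringify({ lockfileVersion: 3, packages: {
  "": { name: "demo" },
  "node_modules/node-ipc": { version: "9.2.1" },
  "node_modules/tool/node_modules/node-ipc": { version: "12.0.1" } } });
const SAMPLE_YARN = 'lodash@^4.17.0:\n  version "9.1.6"\n\nnode-ipc@~9.1.1:\n  version "9.1.6"\n';
const SAMPLE_PNPM = "packages:\n\n  /node-ipc@9.2.3:\n    resolution: {integrity: sha512-x}\n";

console.log(scanPackageLock(SAMPLE_NPM), scanTextLock(SAMPLE_YARN), scanTextLock(SAMPLE_PNPM));
```

A hit only shows that a lockfile resolved to an affected version; CI runners that installed from loose semver ranges without a lockfile still need the pipeline review the alert describes.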
🚨SlowMist TI Alert🚨

💸 @Aurellion_Labs Loss: 455,003 USDC (~$455,003)

🔍 Root Cause: Unprotected initialize(address varg0) in SafeOwnable Facet. Diamond set owner via non-initialize path without updating _initialized version slot (bytes 0-7 of 0xf0c57e...) from 0, allowing re-init by attacker to overwrite owner, call diamondCut to inject malicious facet with pullERC20, and drain approved USDC.

📌 Victim Contract: 0x0adc63e71b035d5c7fdb1b4593999fa1f296f1b2
📌 Vulnerable Facet: 0x3ca79c1cf29b8d19f7c643bb6e6bc9c49762e70f
📌 Attacker EOA: 0x9f49591a3bf95b49cd8d9477b4481ce9da68d5ca

Attacker seized Diamond ownership and drained USDC from approved victims including 0x2e933518..., 0xa90714a1..., 0xeced2d37....

Powered by #SlowMist#.AI
🚨 MistEye Security Gate Officially Released|Building Frontline Security Detection for AI Agents

SlowMist has officially released MistEye Security Gate, a pre-execution security gateway Skill that provides security detection capabilities for dependency installation and domain access for mainstream #AI# coding agents such as @claudeai , @cursor_ai , and @OpenAI GPT.

👉 MistEye Security Gate enables:
🔹 Supply chain package risk detection (npm/pypi/go etc.)
🔹 Real-time scanning of domains/URLs/IPs/emails
🔹 File hash & malicious Skill/MCP identification
🔹 Hard blocking mechanism + daily automated inspections

Core Scenarios Covered:
- Dependency installation checks (requirements.txt, package.json, etc.)
- External link / domain threat validation
- Continuous security inspection of installed Skills

How to Deploy:
1️⃣ GitHub Repo:
2️⃣ Get free API Key:
3️⃣ Set MISTEYE_API_KEY (env var preferred, or config file with 600 permission)

🛡️ Why It Matters: It cuts off #AIAgent# supply chain and external interaction risks at the source, strengthening the frontline defense.

Ready to make your AI Agents run more securely? Welcome to integrate MistEye Security Gate!

🔗 Full article:
🚨SlowMist TI Alert🚨

💸 Loss: 140,180 USDT (140,180,175,562 tokens)

🔍 Root Cause: Missing access control in addUsers (0x4777ff62) function of PayrollDistribution. Anyone can register users for existing drop and set arbitrary totalAmount.

📌 Attacker: 0x90b147592191388e955401af43842e19faa87ee2
📌 Victim: 0xa184af4b1c01815a4b57422a3419e4fb78a96ee4
📌 Vulnerable Contract: 0xef2c77f3b9b8aaa067239bc6b4588bae26433494

Attacker registered exploit contract via addUsers in constructor, flash loaned USDT deposit, claimed oversized payroll from drop #3#.

Powered by #SlowMist#.AI
🚀SlowMist RWA Smart Contract Security Audit Service Officially Launched! RWA (Real World Assets) has become a major frontier where #Web3# meets traditional finance. Unlike traditional DeFi projects, #RWA# security involves far greater complexity — including ownership verification, compliance governance, and on-chain/off-chain consistency. Drawing on years of blockchain security expertise, SlowMist has officially launched a specialized RWA smart contract audit service, delivering comprehensive protection across compliance, permission systems, and on/off-chain consistency. Read full announcement👇 RWA project teams and institutions are welcome to contact us for collaboration! 🤗 📮team@slowmist.com
🚨SlowMist TI Alert🚨 We have detected a malicious transaction exploiting a flawed EIP-7702 account, resulting in a loss of 1,988.5 $QNT (approx. 54.93 $ETH). The root cause is that the admin identity of a QNT reserve pool is held by an EOA (0xc6ddf90790b433743bd050c1d1d45f673a3413f4), which delegated its code to a `BatchExecutor` contract via the EIP-7702 mechanism. Unfortunately, `BatchExecutor` designates the permissionless `BatchCall` contract (0x044dc3e39c566a95011e272ec800dbd2cc9c057c) as an authorized caller. However, `BatchCall.batch()` is entirely open to any external caller without any permission checks. This led to an arbitrary call vulnerability, allowing the attacker to drain the $QNT tokens from the reserve pool. Exploit tx: Powered by #SlowMist#.AI
🥳Unphishable is participating in the current @thedaofund × @Giveth Ethereum Security Quadratic Funding round! If you care about #Web3# security and want to help users stay safe from phishing scams, please consider supporting us.🫶 Unphishable ( is a free, browser-based phishing simulation platform with 30+ realistic challenges. Train to detect real-world attacks like seed phrase scams, fake airdrops, malicious approvals, fake job interviews, and more — all in a safe, gamified environment (MetaMask testnet only). Built jointly by @DeFiHackLabs,@realScamSniffer, and @SlowMist_Team 🙌 It’s quadratic funding, which means small donations get massively amplified by the matching pool. Even a modest contribution can have a huge impact! 🔥 👉 Support Unphishable here: Big thanks to @1nf0s3cpt for the collaboration and strong support!🥰🛡️
Hacking Time - Sharing our experience and case studies of using AI in code auditing (especially smart-contract security audits and attack analysis): @TycheKong @SlowMist_Team
🚨 SlowMist TI Alert 🚨 MistEye has monitored threat intelligence regarding a sophisticated supply chain campaign targeting official Checkmarx distribution channels. The attack involved maliciously overwriting tags in the checkmarx/kics Docker Hub repository and injecting remote payload execution logic into specific extension versions, including checkmarx/cx-dev-assist (1.17.0, 1.19.0) and checkmarx/ast-results (2.63.0, 2.66.0). This campaign specifically aims to exfiltrate developer and cloud credentials to obtain GitHub and npm tokens for lateral propagation. Consequently, this propagation has led to the compromise of the @bitwarden/cli@2026.4.0 package, which now contains a malicious file named bw1.js. These IOCs have been synchronized with clients immediately. It is advised to avoid unverified checkmarx/kics Docker images and strictly refrain from using the compromised extension or CLI versions mentioned above. Immediate auditing of development environments and rotation of any potentially exposed credentials or tokens is strongly recommended. As always, stay vigilant!
🚨 SlowMist TI Alert 🚨 MistEye has received threat intelligence from the community regarding an active and highly destructive macOS infostealer known as "MacSync Stealer" (v1.1.2). Threat actors are targeting macOS users to extract sensitive data, including crypto wallets, browser credentials, system Keychains, and infrastructure keys (SSH/AWS/K8s). The malware uses fake AppleScript system dialogs to phish for login passwords and displays a fake "not supported" error after data exfiltration. We have synchronized this IOC with our clients immediately. Please do NOT execute unverified macOS scripts and be extremely cautious of unexpected system password prompts. In the event of a suspected compromise, immediate remediation is critical: rotate all infrastructure credentials (SSH/AWS/K8s), invalidate exposed Keychains, and swiftly migrate cryptocurrency assets to secure wallets. As always, stay vigilant!