MEDIUMSupply Chain
Global

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

·Source: The Hacker News

Updated:

Executive Summary

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the Mini Shai-Hulud-style attacks continue to be refined and splintered to target specific ecosystems. "The compromised releases shipped a *-setup.pth file that attempts to execute automatically

Analysis

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the Mini Shai-Hulud-style attacks continue to be refined and splintered to target specific ecosystems. "The compromised releases shipped a *-setup.pth file that attempts to execute automatically
Source Attribution

Originally published by The Hacker News on Jun 9, 2026.

Related Threats

HIGHRansomware

Ukrainian national pleads guilty to role in Conti ransomware operation

A Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tied to the Conti ransomware operation. [...]

BleepingComputer
HIGHRansomware

Conti ransomware group member pleads guilty, faces up to 20 years in prison

Oleksii Lytvynenko, a 44-year-old Ukrainian national, admitted to joining the prolific cybercrime group in 2021. Officials said he engaged in cybercrime up until his arrest in Ireland in 2023. The post Conti ransomware group member pleads guilty, faces up to 20 years in prison appeared first on CyberScoop .

CyberScoop
MEDIUMSupply Chain

GitHub to Update npm to Thwart Software Supply Chain Attacks

NPM, part of GitHub, announced a new version of the npm package manager with several security improvements, including disabling install scripts

Infosecurity Magazine