Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks
The most recent variants of the self-propagating attacks are named Miasma and Hades. The post Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks appeared first on SecurityWeek .
AI Analysis
Technical Summary
Since September 2025, the Shai-Hulud worm has been used in multiple supply chain attack campaigns targeting open source software packages in NPM and PyPI. The Miasma variant, a descendant of Mini Shai-Hulud, acts as a multi-stage dropper executed during NPM installation, harvesting credentials and spreading by infecting packages the victim can access. The Hades variant similarly infects PyPI packages, using a startup execution file to fetch and run JavaScript code, also harvesting credentials and exfiltrating data via GitHub repositories. These attacks have affected over 100 packages and 471 malicious artifacts, including targeted attacks on Red Hat’s JavaScript ecosystem and various Python packages. The attacks use advanced evasion techniques such as splitting loaders and payloads to avoid detection. No explicit patch or vendor advisory is referenced in the source content.
Potential Impact
The attacks enable credential harvesting from local systems and connected cloud services, allowing the malware to propagate by infecting additional packages accessible to compromised users. This compromises the integrity of open source supply chains in the NPM and PyPI ecosystems, potentially leading to widespread distribution of malicious code to downstream users and projects. The infection of critical ecosystems such as Red Hat’s Hybrid Cloud Console JavaScript ecosystem and bioinformatics and machine learning Python packages increases the risk of supply chain compromise in enterprise and scientific environments.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Security teams should monitor official advisories from affected package maintainers and ecosystem security teams such as NPM and PyPI. Given the nature of the attack, removing or updating infected packages once identified is recommended. Use of supply chain security tools that detect malicious package behavior and integrity violations may help mitigate risk. No vendor-provided official fix or temporary workaround is documented in the provided information.
Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks
Description
The most recent variants of the self-propagating attacks are named Miasma and Hades. The post Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks appeared first on SecurityWeek .
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Since September 2025, the Shai-Hulud worm has been used in multiple supply chain attack campaigns targeting open source software packages in NPM and PyPI. The Miasma variant, a descendant of Mini Shai-Hulud, acts as a multi-stage dropper executed during NPM installation, harvesting credentials and spreading by infecting packages the victim can access. The Hades variant similarly infects PyPI packages, using a startup execution file to fetch and run JavaScript code, also harvesting credentials and exfiltrating data via GitHub repositories. These attacks have affected over 100 packages and 471 malicious artifacts, including targeted attacks on Red Hat’s JavaScript ecosystem and various Python packages. The attacks use advanced evasion techniques such as splitting loaders and payloads to avoid detection. No explicit patch or vendor advisory is referenced in the source content.
Potential Impact
The attacks enable credential harvesting from local systems and connected cloud services, allowing the malware to propagate by infecting additional packages accessible to compromised users. This compromises the integrity of open source supply chains in the NPM and PyPI ecosystems, potentially leading to widespread distribution of malicious code to downstream users and projects. The infection of critical ecosystems such as Red Hat’s Hybrid Cloud Console JavaScript ecosystem and bioinformatics and machine learning Python packages increases the risk of supply chain compromise in enterprise and scientific environments.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Security teams should monitor official advisories from affected package maintainers and ecosystem security teams such as NPM and PyPI. Given the nature of the attack, removing or updating infected packages once identified is recommended. Use of supply chain security tools that detect malicious package behavior and integrity violations may help mitigate risk. No vendor-provided official fix or temporary workaround is documented in the provided information.
Technical Details
- Article Source
- {"url":"https://www.securityweek.com/over-100-npm-pypi-packages-hit-in-new-shai-hulud-supply-chain-attacks/","fetched":true,"fetchedAt":"2026-06-09T11:40:45.506Z","wordCount":1205}
Threat ID: 6a27fbbd8dd33fbd8528b035
Added to database: 6/9/2026, 11:40:45 AM
Last enriched: 6/9/2026, 11:40:55 AM
Last updated: 6/9/2026, 2:45:07 PM
Views: 10
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.