SecurityWeek reports that new Shai-Hulud variants named Miasma and Hades hit more than 100 packages across NPM and PyPI, spreading through open-source ecosystems with credential-harvesting payloads, malicious package releases, and 471 identified artifacts affecting JavaScript, Python, bioinformatics, graph machine-learning, and MCP-themed packages.
Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks
Source: SecurityWeek