Recent Shai-Hulud supply chain attacks have affected more than 100 packages within the NPM and PyPI ecosystems, as reported by cybersecurity experts. These attacks, active since September 2025, have targeted open source software communities with increasing frequency, particularly after the Trivy vulnerability scanner incident.
Surge in Attacks Since May
In May, the hacking group TeamPCP released the source code for Shai-Hulud, leading to the emergence of new clones. By June 1, updated variants were used in expansive, organized attacks, starting with the Red Hat incident, which compromised 32 packages in the Hybrid Cloud Console JavaScript ecosystem.
The attacks have evolved, introducing the ‘Miasma’ variant, identifiable by the phrase “Miasma: The Spreading Blight” embedded in the payload. Security firm Ox Security found several malicious NPM packages containing a weaponized binding.gyp file, designed so the payload runs outside the normal install-script path.
Miasma Variant Characteristics
Miasma, a descendant of the Mini Shai-Hulud, operates as a multi-stage dropper initiated during NPM package installation. According to Harness, it scans systems and cloud services for sensitive information like credentials and API keys, using this data to further propagate the attack.
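The two install-time execution surfaces described above, a weaponized binding.gyp and a dropper that starts during NPM package installation, can both be audited offline. The following script is an added example written for this article, not code from Ox Security, Harness or any affected project: it walks a node_modules tree, flags packages that declare npm lifecycle scripts which run during installation, and flags any shipped binding.gyp, rating it higher when the file uses node-gyp's command-expansion syntax. The suspicious-command patterns, the severity levels and the sample packages it builds in a temporary directory are all the author's constructed assumptions.

```python
"""Audit a node_modules tree for install-time code execution surfaces.

Added example (not from the article or any vendor).  It flags packages
that declare npm lifecycle scripts executed by `npm install` and packages
that ship a binding.gyp, which node-gyp evaluates during installation.
A binding.gyp that runs commands via <!(...) / <!@(...) expansion or an
"actions" list is rated higher, because that is where an install-time
dropper can hide.  All heuristics and thresholds here are assumptions.
"""
import json
import os
import re
import tempfile

# npm runs these scripts automatically as part of `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Constructed indicator list for scripts that fetch or evaluate code at
# install time; tune it for your environment.
SUSPICIOUS_CMD = re.compile(r"\b(curl|wget|node\s+-e|eval|base64\s+-d|powershell)\b")

# node-gyp expands <!(cmd) and <!@(cmd) by executing cmd during configure.
GYP_CMD_EXPANSION = re.compile(r"<!@?\(")


def audit_package_dir(pkg_dir):
    """Return a list of (severity, reason) findings for one package dir."""
    findings = []
    pj_path = os.path.join(pkg_dir, "package.json")
    if os.path.isfile(pj_path):
        with open(pj_path, encoding="utf-8") as fh:
            pkg = json.load(fh)
        for hook, cmd in (pkg.get("scripts") or {}).items():
            if hook in INSTALL_HOOKS:
                sev = "high" if SUSPICIOUS_CMD.search(cmd) else "medium"
                findings.append((sev, f"lifecycle script {hook}: {cmd}"))
    gyp_path = os.path.join(pkg_dir, "binding.gyp")
    if os.path.isfile(gyp_path):
        with open(gyp_path, encoding="utf-8") as fh:
            text = fh.read()
        if GYP_CMD_EXPANSION.search(text) or "actions" in text:
            findings.append(("high", "binding.gyp runs commands during node-gyp configure"))
        else:
            findings.append(("low", "binding.gyp present (native build at install time)"))
    return findings


def audit_node_modules(root):
    """Walk a node_modules tree; map package path (relative to root) -> findings."""
    report = {}
    for dirpath, _dirs, filenames in os.walk(root):
        if "package.json" not in filenames:
            continue
        findings = audit_package_dir(dirpath)
        if findings:
            report[os.path.relpath(dirpath, root)] = findings
    return report


def build_sample_tree():
    """Create a constructed node_modules with one benign and one flagged package."""
    root = tempfile.mkdtemp(prefix="nm_")
    benign = os.path.join(root, "left-pad-ish")           # constructed name
    os.makedirs(benign)
    with open(os.path.join(benign, "package.json"), "w", encoding="utf-8") as fh:
        json.dump({"name": "left-pad-ish", "version": "1.0.0",
                   "scripts": {"test": "node test.js"}}, fh)
    flagged = os.path.join(root, "sample-native-addon")   # constructed name
    os.makedirs(flagged)
    with open(os.path.join(flagged, "package.json"), "w", encoding="utf-8") as fh:
        json.dump({"name": "sample-native-addon", "version": "1.0.0",
                   "scripts": {"postinstall": "node -e \"require('./setup')\""}}, fh)
    with open(os.path.join(flagged, "binding.gyp"), "w", encoding="utf-8") as fh:
        # Constructed gyp file that shells out during configure (harmless here).
        fh.write('{\n  "targets": [{\n    "target_name": "addon",\n'
                 '    "sources": ["addon.cc"],\n'
                 '    "defines": ["STAMP=<!(echo 1)"]\n  }]\n}\n')
    return root


if __name__ == "__main__":
    for pkg, found in audit_node_modules(build_sample_tree()).items():
        for sev, reason in found:
            print(f"{sev:6} {pkg}: {reason}")
```

Run it against a real checkout with `audit_node_modules("node_modules")`; a "medium" finding on a well-known native module is normal, while a "high" on a package that has no business compiling anything is the kind of result worth pulling the tarball for.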
By June 5, Snyk, Sonatype, and StepSecurity had identified 57 affected NPM packages and over 300 malicious package versions linked to Miasma. The attacks have impacted several projects, including the Vapi server SDK and ai-sdk-ollama.
Emergence of the Hades Variant
Following the Miasma attacks, researchers detected another Shai-Hulud variant named ‘Hades’ in roughly two dozen PyPI packages. This variant, marked by the string “Hades – The End for the Damned,” was discovered in an initial set of 19 packages, employing a *-setup.pth file to execute code upon Python startup.
Socket reports that Hades is essentially the PyPI branch of Miasma, exhibiting similar credential-harvesting and spreading tactics. On June 8, a second wave targeted more PyPI packages, with phantom releases appearing on PyPI without corresponding GitHub versions, affecting at least 29 packages according to StepSecurity.
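Both Hades mechanisms described above can be checked from the defender's side: a *-setup.pth file works because the interpreter's site module processes every .pth file in site-packages at startup and executes any line that begins with "import ", and a phantom release is simply a published version with no matching tag in the project's repository. The script below is an added example written for this article, not code from Socket or StepSecurity. It lists the .pth files in a site-packages directory that carry executable import lines, separates them from a small allow-list, and compares a version list against git tags; the allow-list entry, the sample .pth contents and the version data are constructed assumptions.

```python
"""Audit site-packages for .pth files that run code at interpreter startup,
and compare published versions against git tags to find phantom releases.

Added example, not from the article or any vendor.  site.py treats every
line of a *.pth file that starts with "import " (or "import\t") as code
and executes it when Python starts; everything else is a sys.path entry.
The allow-list and sample data below are constructed assumptions.
"""
import os
import tempfile

# .pth files that carry import lines by design (assumption: extend for
# your environment; setuptools ships distutils-precedence.pth, for one).
KNOWN_CODE_PTH = {"distutils-precedence.pth"}


def audit_pth_files(site_packages):
    """Return {filename: [executable lines]} for .pth files that run code."""
    findings = {}
    for name in sorted(os.listdir(site_packages)):
        if not name.endswith(".pth"):
            continue
        path = os.path.join(site_packages, name)
        with open(path, encoding="utf-8", errors="replace") as fh:
            exec_lines = [
                line.rstrip("\n") for line in fh
                # same test site.py applies before exec()ing a .pth line
                if line.startswith(("import ", "import\t"))
            ]
        if exec_lines:
            findings[name] = exec_lines
    return findings


def suspicious_pth(site_packages):
    """Names of code-running .pth files that are not on the allow-list."""
    return [n for n in audit_pth_files(site_packages) if n not in KNOWN_CODE_PTH]


def phantom_releases(published_versions, git_tags):
    """Published versions with no matching git tag (tags may carry a 'v' prefix)."""
    tagged = {t[1:] if t.startswith("v") else t for t in git_tags}
    return sorted(v for v in published_versions if v not in tagged)


def build_sample_site_packages():
    """Create a constructed site-packages directory with three .pth files."""
    root = tempfile.mkdtemp(prefix="sp_")
    samples = {
        # plain path entry: only extends sys.path, never executed
        "easy-install.pth": "./somepkg-1.0-py3.egg\n",
        # shortened, constructed stand-in for the setuptools shim
        "distutils-precedence.pth":
            "import os; os.environ.setdefault('SETUPTOOLS_USE_DISTUTILS', 'local')\n",
        # constructed stand-in for a *-setup.pth that runs code at startup
        "examplepkg-setup.pth": "import examplepkg_setup\n",
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    sp = build_sample_site_packages()
    for name, lines in audit_pth_files(sp).items():
        flag = "allow-listed" if name in KNOWN_CODE_PTH else "REVIEW"
        print(f"{flag:12} {name}: {lines}")
    # constructed version data: 1.3.0 was published but never tagged
    print("phantom:", phantom_releases(["1.2.0", "1.2.1", "1.3.0"], ["v1.2.0", "v1.2.1"]))
```

To check a real environment, pass the output of `python -c "import sysconfig; print(sysconfig.get_paths()['purelib'])"` to `audit_pth_files`; for the release comparison, feed it the version list from the package index and the output of `git tag` for the upstream repository.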
The attacks have involved a total of 471 malicious artifacts across NPM and PyPI, including numerous harmful PyPI wheel artifacts related to the Hades Mini Shai-Hulud worm.
As these attacks continue to evolve, the cybersecurity community remains vigilant in addressing the vulnerabilities in open source supply chains. The incidents underscore the necessity for enhanced security measures to protect against such sophisticated threats.
