Over 100 NPM and PyPI Packages Infected in Escalating Shai-Hulud Supply Chain Attacks

Self-replicating worm Shai-Hulud infects 100+ NPM and PyPI packages with new variants Miasma and Hades targeting credentials and SDKs.

By Content Team

Jun 9, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

A self-replicating worm called Shai-Hulud has infected over 100 packages across NPM and PyPI since September 2025, with attacks sharply escalating in recent weeks. After hacking group TeamPCP released the worm's source code in mid-May, clones emerged fast.

The latest variants — Miasma and Hades — harvest credentials, API keys, and tokens, then spread by infecting packages the victim can access. Red Hat's Hybrid Cloud Console was among the targets, alongside SDKs like Vapi and Wrangler. In total, 471 malicious artifacts have been identified, including PyPI wheel files tied to the Hades branch.

Source: SecurityWeek

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Foster City Restores Phone and Email Services After Ransomware Attack

Mar 28, 2026

Saudi Arabia Ordered to Pay £3m to London Dissident Over Pegasus Spying

Jan 29, 2026

Booking.com Hack Fuels 'Reservation Hijack' Scam Wave

Apr 29, 2026

Hackers Exploit Critical Quest KACE Flaw to Take Over Management Systems

Mar 21, 2026