> TritonInfoSec News
Home / Jun 09, 2026 / Story
0
#5 BleepingComputer general June 08, 2026 at 20:41 UTC

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

By Bill Toulas

AI Summary

A new supply chain attack dubbed Shai-Hulud 'Hades' campaign compromised 19 science-focused PyPI packages across 37 wheels, collectively downloaded hundreds of thousands of times, delivering malware designed to steal developer secrets and credentials. The packages were trojanized to run a self-replicating stealer and included a leaked bot token embedded within the malware itself. This is the second iteration of the Shai-Hulud campaign and signals continued evolution of PyPI-targeting threat actors.

Read full article → https://www.bleepingcomputer.com/news/security/new…

Relevance score: 85.0/100

# More from June 09

  1. 1
    Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups The Hacker News
  2. 2
    One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public The Hacker News
  3. 3
    Meta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt Order The Hacker News
  4. 4
    UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign The Hacker News
  5. 6
    VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances The Hacker News
  6. 7
    Critical UniFi OS bug lets hackers gain root without authentication BleepingComputer
  7. 8
    For the 2nd time in weeks, Microsoft packages laced with credential stealer Ars Technica Security
  8. 9
    Over 20,000 Instagram accounts stolen in Meta AI support hack BleepingComputer
  9. 10
    SolarWinds Serv-U Vulnerability Exploited in the Wild SecurityWeek