[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:over-100-npm-pypi-packages-hit-in-new-shai-hulud-supply-chain-attacks-mq87avev":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":12,"action_required":17,"article_ids":18,"ioc_summary":20,"source_urls":21,"status":23,"expires_at":24,"created_at":25,"updated_at":26,"articles":27},"7776e565-8e1e-4efd-a89b-5e54b4f02808","Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks","over-100-npm-pypi-packages-hit-in-new-shai-hulud-supply-chain-attacks-mq87avev","Self-propagating worms named Miasma and Hades have compromised 100+ packages across NPM and PyPI repositories since May. These attacks steal credentials and API keys to propagate further, with confirmed impact to Red Hat's ecosystem and bioinformatics\u002FML packages. Any development team consuming these ecosystems faces credential theft and supply chain compromise risk.","critical","advisory",[],[13,14,15,16],"NPM","PyPI","Hybrid Cloud Console","Red Hat","Immediately audit your dependency manifests (package.json, requirements.txt, etc.) against the published IOC list. Revoke any NPM and PyPI credentials that may have been exposed, rotate API keys, and scan development machines for suspicious package installation activity in the past 6 months.",[19],"79a4a19d-b011-49b7-a57b-519b61936d3b",null,[22],"https:\u002F\u002Fwww.securityweek.com\u002Fover-100-npm-pypi-packages-hit-in-new-shai-hulud-supply-chain-attacks\u002F","active","2026-06-12T15:05:40.858+00:00","2026-06-10T15:05:44.907291+00:00","2026-06-10T15:05:58.396614+00:00",[28],{"id":19,"title":6,"url":22}]