[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:shai-hulud-descends-to-hades-miasma-worm-campaign-spreads-with-new-pypi-wave-mq5abint":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":12,"action_required":16,"article_ids":17,"ioc_summary":19,"source_urls":20,"status":22,"expires_at":23,"created_at":24,"updated_at":25,"articles":26},"c08b5755-6bc1-44ee-8811-f8b6e30612f6","Shai-Hulud Descends to Hades: Miasma Worm Campaign Spreads with New PyPI Wave","shai-hulud-descends-to-hades-miasma-worm-campaign-spreads-with-new-pypi-wave-mq5abint","37 malicious Python packages across 19 PyPI repositories are delivering a worm that executes JavaScript payloads via the Bun runtime during installation. Any developer or CI\u002FCD pipeline that pulled these packages in this latest wave has likely had secrets and credentials exfiltrated. This is part of the active Shai-Hulud\u002FMiasma campaign.","critical","advisory",[],[13,14,15],"Bun","PyPI","npm","Immediately audit PyPI package installation logs for the last 30 days. Identify any installs of the 37 malicious packages across the 19 affected PyPI repositories. Assume compromise of any developer machines or CI\u002FCD runners that installed them. Force rotation of all secrets, API keys, and credentials accessible from those environments.",[18],"061af904-2f4f-4f86-a824-d0157e6c643a",null,[21],"https:\u002F\u002Fsocket.dev\u002Fblog\u002Fshai-hulud-descends-to-hades-miasma-pypi-wave?utm_medium=feed","archived","2026-06-10T14:06:49.48+00:00","2026-06-08T14:06:55.356776+00:00","2026-06-10T15:05:40.929881+00:00",[27],{"id":18,"title":6,"url":21}]