TechSecInfo

The tech + cyber briefing: what happened, why it matters, and where it came from.

Cyber Security

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

By rooter

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the Mini Shai-Hulud-style attacks continue to be refined and splintered to target specific ecosystems.

“The compromised releases shipped a *-setup.pth file that attempts to execute automatically

Oh hi there đź‘‹
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

Oh hi there đź‘‹
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

By rooter

Related Post

Cyber Security

WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine

rooter
Cyber Security

Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models

rooter
Cyber Security

Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild – Patch Now

rooter

Leave a Reply

You Missed

News

Marshall’s Stockwell speaker gets a replaceable battery that runs twice as long

News

Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models

News

Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild – Patch Now

News

Scams Have Gone Omnichannel: New Global Report Tracks Fraud Across Web, SMS, Social and Voice