Shai-Hulud Descends to Hades: Miasma Worm Campaign Spreads with New PyPI Wave

A coordinated supply chain attack compromised 37 PyPI packages with malicious wheels that abuse Python startup hooks to install Bun and execute an obfuscated JavaScript credential stealer, targeting developer and CI/CD secrets and exfiltrating them via GitHub under Hades-themed markers—demonstrating Shai-Hulud/Miasma tradecraft adapted for Python ecosystems.