Status: Monitoring · Medium impact · AI refreshed

Shai-Hulud Supply-Chain Attack Trojanizes 19 PyPI Packages

Occurred 4 Jun 2026 · Detected 10 Jun 2026
PyPI repository (global online service) · 5 reports
Cyber · Environmental & Industrial · Property · Cyber · Casualty & Liability

Hackers compromised 19 science-focused Python packages on the PyPI repository in a second-wave Shai-Hulud supply-chain attack, delivering malware designed to steal developer secrets. The trojanized packages were collectively downloaded hundreds of thousands of times, creating potential aggregation risk across cyber insurance portfolios where multiple insured developers or organizations may have pulled compromised code. No confirmed insured losses, breach notifications, or specific affected entities have been reported as of the latest update.

AI-generated from linked source reports. See our correction policy.

Impact verdict

Medium impact. Loss pathway: Supply-chain compromise of widely downloaded PyPI packages creates aggregation risk across cyber insurance portfolios, with hundreds of thousands of downloads potentially affecting multiple insured developers and organizations. Evidence: 19 trojanized packages with hundreds of thousands of collective downloads; the malware is designed to steal developer secrets, and stolen credentials are the means by which follow-on lateral movement would occur. Limit: No confirmed insured losses, breach notifications, or specific affected insured entities have been reported; the scale of impact remains uncertain pending disclosure of downstream compromise.

How we grade what we know: Known · Reported · Uncertain.

Intelligence ledger

AI refreshed 10 Jun 2026, 18:37

Known (7 lines)

  • 19 PyPI packages were trojanized in a new Shai-Hulud attack. [structured line · known; no separate sourced-claim record is available for this line yet]
  • Packages were collectively downloaded hundreds of thousands of times. [structured line · known; no separate sourced-claim record yet]
  • Malware is designed to steal developer secrets. [structured line · known; no separate sourced-claim record yet]
  • This is a follow-up to a prior Shai-Hulud campaign. [structured line · known; no separate sourced-claim record yet]
  • This incident represents a second wave of the Shai-Hulud supply-chain attack campaign. [shai_hulud_campaign_wave · threat trend · cyber]
    Market relevance: Repeat waves indicate an active, resourced threat actor targeting the open-source software supply chain, relevant to cyber underwriting assumptions.
    Source: "new Shai-Hulud supply-chain attack" (BleepingComputer · 10 Jun 2026, 18:37)
  • Delivered malware is designed to steal developer secrets; the stolen credentials are what would enable follow-on lateral movement. Note that the sourced quote covers only the secret-theft capability, so lateral movement is an inference from credential theft rather than a separately sourced claim. [shai_hulud_malware_capability · loss pathway · cyber]
    Market relevance: Credential theft with lateral movement can translate into downstream incidents (account takeover, data breach, ransomware) that trigger cyber policy coverage.
    Source: "delivered malware designed to steal developer secrets" (BleepingComputer · 10 Jun 2026, 18:37)
  • 19 science-focused Python packages on PyPI were trojanized in a second-wave Shai-Hulud supply-chain attack. [shai_hulud_pypi_packages_count · aggregation risk · cyber]
    Market relevance: Supply-chain compromises of widely used open-source packages can drive aggregation across cyber insurance books with developer or software supply-chain exposure.
    Source: "Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud supply-chain attack" (BleepingComputer · 10 Jun 2026, 18:37)

Reported (3 lines)

  • Targeted packages are science-focused. [structured line · reported; no separate sourced-claim record is available for this line yet]
  • Targeted packages are science-focused. [shai_hulud_package_theme · targeting sector · cyber]
    Market relevance: Science-focused packages suggest potential exposure for research, engineering, and data-science insureds that rely on Python ecosystems.
    Source: "19 science-focused Python packages" (BleepingComputer · 10 Jun 2026, 18:37)
  • The 19 trojanized packages were collectively downloaded hundreds of thousands of times. [shai_hulud_downloads_scale · aggregation risk · cyber]
    Market relevance: High download volume expands the potential blast radius for downstream credential compromise across insured developer environments.
    Source: "collectively downloaded hundreds of thousands of times" (BleepingComputer · 10 Jun 2026, 18:37)

Uncertain (8 lines)

  • Number of downstream organizations actually compromised. [structured line · uncertain; no separate sourced-claim record is available for this line yet]
  • Scale of credential exfiltration. [structured line · uncertain; no separate sourced-claim record yet]
  • Whether the attack has produced confirmed insured losses. [structured line · uncertain; no separate sourced-claim record yet]
  • Attribution to a specific threat actor. [structured line · uncertain; no separate sourced-claim record yet]
  • The number of downstream organizations actually compromised as a result of pulling the trojanized packages is not yet known. [shai_hulud_downstream_compromise_count · aggregation risk · cyber]
    Market relevance: Direct driver of insured loss aggregation; remains a key uncertainty for portfolio exposure assessment.
    Source: BleepingComputer · 10 Jun 2026, 18:37
  • The scale of credential exfiltration resulting from the campaign is not yet known. [shai_hulud_credential_exfiltration_scale · loss pathway · cyber]
    Market relevance: Exfiltrated credentials could enable follow-on incidents (account takeover, fraud, ransomware) that trigger cyber coverage.
    Source: BleepingComputer · 10 Jun 2026, 18:37
  • No confirmed insured losses, breach notifications, or specific affected insured entities have been reported in connection with this attack. [shai_hulud_insured_losses · no confirmed loss · cyber]
    Market relevance: Absence of confirmed losses supports retaining a medium (rather than high) impact classification pending further disclosure.
    Source: BleepingComputer · 10 Jun 2026, 18:37
  • Attribution of the attack to a specific threat actor has not been confirmed. [shai_hulud_threat_actor_attribution · attribution gap · cyber]
    Market relevance: Attribution informs threat-actor risk scoring and potential nation-state or cybercrime exclusions in cyber wordings.
    Source: BleepingComputer · 10 Jun 2026, 18:37

Latest developments

  • 19 science-focused PyPI packages confirmed trojanized in the latest Shai-Hulud campaign wave. BleepingComputer
  • Trojanized packages collectively reached hundreds of thousands of downloads, expanding potential downstream exposure. BleepingComputer
  • Malware payload targets developer secrets and supports lateral movement, raising downstream incident potential. BleepingComputer
  • Latest package compromise identified as a second wave of the Shai-Hulud campaign. BleepingComputer
  • Targeted packages concentrated in the science vertical. BleepingComputer
  • Downstream compromise count remains unconfirmed; impact scale depends on this disclosure. BleepingComputer
  • Scale of credential exfiltration remains unconfirmed. BleepingComputer
  • No confirmed insured losses reported to date. BleepingComputer

Timeline

Corroboration · 12 Jun 2026, 05:14

A new Rust-based infostealer malware dubbed IronWorm has infected 36 packages on the npm registry, targeting developer credentials and cloud service keys (AWS, OpenAI, Anthropic). The malware self-propagates by publishing malicious package versions using stolen credentials, echoing the Shai Hulud attack. While researchers report early containment, the event highlights ongoing supply-chain risk relevant to Cyber underwriters and any insured developer or enterprise exposure.

Source: r/pwnhub (Social / Community)

Status Change · 12 Jun 2026, 04:31

Status changed to monitoring

Auto-transitioned: no updates for 6 hours

active -> monitoring

Merge · 11 Jun 2026, 22:06

Merged with: Shai Hulud Supply Chain Attack – Malicious npm/PyPI Packages – May 2026

Event "Shai Hulud Supply Chain Attack – Malicious npm/PyPI Packages – May 2026" (slug: shai-hulud-supply-chain-attack-malicious-npm-pypi-packages-may-2026-1-2okoh542) merged into this event.

Status Change · 11 Jun 2026, 22:06

Status changed to active

evidence_trigger: developing_promotion

developing -> active

Status Change · 11 Jun 2026, 08:00

Status changed to developing

evidence_trigger: corroboration >= 2

signal -> developing

Corroboration · 11 Jun 2026, 08:00

A new Rust-based infostealer malware dubbed IronWorm, related to the Shai-Hulud campaign, has been identified targeting npm packages and software developers. It features eBPF rootkit stealth, Tor-based C2, credential theft across cloud/GitHub/Kubernetes environments, and self-propagation through trusted publishing workflows. While technically significant, no specific insured entity losses or financial impact figures are reported.

Source: r/cybersecurity (Social / Community)

Initial Detection · 10 Jun 2026, 18:28

Hackers compromised 19 science-focused Python packages on PyPI in a new Shai-Hulud supply-chain attack delivering malware designed to steal developer secrets. This is the second wave of the Shai-Hulud campaign, targeting the open-source software supply chain with malware capable of credential theft and lateral movement. Insurance significance lies in potential accumulation risk across cyber books where multiple insured developers or organizations may have pulled compromised packages.

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud supply-chain attack that delivered malware designed to steal developer secrets.

Source: BleepingComputer (Trade Media)

Status Change · 18 May 2026, 20:48

Status changed to developing

Auto-promoted: multiple sources

Corroboration · 18 May 2026, 20:48

The Shai-Hulud malware, which leaked the previous week, has been weaponised in a new supply chain attack targeting the Node Package Manager (npm) ecosystem. Infected packages were identified over the weekend following the malware's public leak. The campaign is classified as an infostealer operation, seeking to exfiltrate sensitive data from developers and organisations relying on compromised npm packages. The open-source nature of npm makes this a broad-reach supply chain compromise with potential downstream impact across many software-dependent organisations.

Source: BleepingComputer (Trade Media)

Initial Detection · 12 May 2026, 12:00

A threat actor identified as 'Shai Hulud' has compromised hundreds of packages across the npm and PyPI software registries in a supply chain attack campaign. The malicious packages, which include signed versions impersonating TanStack and Mistral libraries, deliver credential-stealing malware targeting software developers. The campaign represents a broad software supply chain compromise with global reach given the widespread use of npm and PyPI ecosystems.

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers.

Source: BleepingComputer (Trade Media)
