A new threat campaign codenamed "Hades" has emerged, targeting the Python Package Index (PyPI) in what security researchers describe as a concerning evolution of software supply chain attacks. The campaign reuses and adapts techniques from the previously identified "Shai-Hulud" campaign, underscoring the growing sophistication of attackers who target the package repositories developers depend on.

The Hades campaign recently compromised 37 PyPI wheels and 19 packages, a significant expansion of the earlier attack. The malicious packages were designed to mimic legitimate ones, but carried harmful code intended to compromise developer systems and, by extension, the applications those developers were building. The primary targets are developers and organizations that rely on Python packages throughout their software development lifecycle. This matters because PyPI serves