The article discusses the Hades Campaign, identified on June 8, 2026, which involved a compromised version of the `ensmallen` package on PyPI along with several other bioinformatics packages. The campaign delivers a multifaceted payload that executes when the package is imported. It uses a Bun executable for cross-platform memory scraping, AI misdirection to evade detection by security systems, and complex command-and-control channels to exfiltrate stolen credentials.
New techniques include adversarial prompt injection to bypass AI security checks, a modular malware design for better adaptability, and a wiper that serves as a deterrent against token revocation. The article lists the key impacted packages, alongside the mechanisms and strategies employed by the attackers.