GMS-2026-575: Embedded Malicious Code (Shai-Hulud)
This package was identified by GitLab’s Vulnerability Research team as part of a coordinated Shai-Hulud copycat supply chain attack on PyPI on June 7, 2026. The package nhmpy is a typosquat of the popular NumPy scientific computing library.
It contains a .pth file that is dropped into site-packages at install time. CPython's site module processes every .pth file it finds there on interpreter startup, and any line beginning with `import` is executed, so the payload runs on every Python start without the package ever being imported. The hook downloads the Bun JavaScript runtime and runs an obfuscated credential stealer targeting GitHub, AWS, Azure, GCP, HashiCorp Vault, NPM, PyPI, RubyGems, SSH keys, Kubernetes, and Sigstore.
The worm self-propagates by pushing malicious commits to accessible GitHub repositories and publishing poisoned packages to other registries. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer.
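The following scanner is added here as an example; it is not part of the GitLab advisory or of the malicious package. It shows the startup hook the advisory describes from the defender's side: CPython's site module passes every .pth line that starts with `import ` (or `import` followed by a tab) to `exec()` at interpreter start, so enumerating those lines across site-packages directories is a quick way to find persistence of this kind. The two .pth files the demo writes into a temporary directory are constructed for illustration and do not reproduce nhmpy's payload.

```python
"""Find .pth lines that CPython's site module would execute at interpreter startup."""
import os
import site
import tempfile
from pathlib import Path

# site.py exec()s any .pth line beginning with "import " or "import\t".
# Every other non-blank, non-comment line is treated as a sys.path entry, not code.
EXEC_PREFIXES = ("import ", "import\t")


def executable_pth_lines(directory):
    """Return (file, line_number, line) for each .pth line site.py would exec()."""
    hits = []
    for pth in sorted(Path(directory).glob("*.pth")):
        try:
            text = pth.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue  # unreadable file: skip rather than abort the whole scan
        for number, line in enumerate(text.splitlines(), start=1):
            if line.startswith(EXEC_PREFIXES):
                hits.append((str(pth), number, line.rstrip()))
    return hits


def scan_all_site_packages():
    """Scan the running interpreter's site-packages and user site-packages directories."""
    dirs = list(site.getsitepackages()) + [site.getusersitepackages()]
    hits = []
    for d in dirs:
        if os.path.isdir(d):
            hits.extend(executable_pth_lines(d))
    return hits


def demo():
    """Constructed sample: one benign path-only .pth and one .pth carrying an import hook."""
    tmp = tempfile.mkdtemp()
    (Path(tmp) / "benign.pth").write_text(
        "# comment line\n/opt/example/lib\n", encoding="utf-8")
    (Path(tmp) / "suspicious.pth").write_text(
        "import os; print('this line runs on every python start')\n", encoding="utf-8")
    return executable_pth_lines(tmp)


if __name__ == "__main__":
    for path, number, line in demo():
        print(f"{path}:{number}: {line}")
    for path, number, line in scan_all_site_packages():
        print(f"{path}:{number}: {line}")
```

A hit is not proof of compromise: a few legitimate packages ship import lines in .pth files (setuptools' distutils-precedence.pth and virtualenv's _virtualenv.pth are common ones), so review each line rather than acting on the count. Consistent with the advisory's guidance, do not trust a suspected host to scan itself; run the check from clean tooling or against a mounted disk image.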