Topic

Mini Shai Hulud is self-propagating malware that steals credentials from developer machines and CI/CD pipelines.  It was first reported infecting npm packages in 2025, but as of May 2026, it has spread to PyPI.  This talk will cover how Shai Hulud works and some of the mitigation strategies discussed at PyCon.