GitLab

Shai-Hulud copycat campaign targets Python developers through PyPI typosquatting

GitLab's Vulnerability Research team discovered a coordinated supply chain attack on PyPI utilizing a Shai-Hulud malware variant. Five malicious packages were found: four were typosquats of popular libraries like Flask, Requests, and NumPy, while the fifth was a weaponized legitimate project called mflux-streamlit. These packages execute code upon installation without requiring imports, employing a self-propagating credential stealer.

The malware targets CI/CD environments across major cloud providers, attempting to steal credentials from GitHub, AWS, Azure, GCP, and more. It also targets databases, Vaults, and even attempts to escalate privileges on CI runners. The attack leverages Python's .pth file mechanism for initial execution, downloading and running a Bun JavaScript runtime to execute an obfuscated payload. This payload contains the Shai-Hulud worm, capable of harvesting sensitive information. The worm also exhibits self-propagation, committing malicious files to repositories and publishing additional poisoned packages.

GitLab confirmed its own systems were unaffected and is sharing findings to aid the broader security community. All malicious packages originated from a single PyPI account, elitexp, which had previously published a legitimate project. Users are advised to remove affected packages, rotate credentials, and audit their systems for suspicious activity. GitLab Ultimate users can leverage Dependency Scanning to detect these vulnerabilities.
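The .pth mechanism the note describes is what makes "execution without import" possible: Python's site module exec()s any line of a site-packages .pth file that begins with `import`, on every interpreter start. The following audit script is an added example for defenders, not GitLab's code or anything from the campaign; its indicator keyword list and the embedded sample .pth content are this example's own constructions.

```python
"""Triage .pth files for code that Python executes at interpreter startup.
site.addpackage() ignores blank and '#' lines, exec()s any line beginning with
'import ' or 'import\\t', and adds every other line to sys.path."""
import site
from pathlib import Path

# Constructs rarely seen in a benign .pth import one-liner (own heuristic).
SUSPICIOUS = ("exec(", "eval(", "__import__", "base64", "zlib", "marshal",
              "subprocess", "os.system", "urllib", "socket", "\\x", "chr(")

# Constructed sample (not from the campaign): a benign-looking import line
# followed by one that decodes and exec()s an embedded blob.
SAMPLE_PTH = ("# comment\n/opt/extra-libs\n"
              "import os; os.environ.setdefault('MYTOOL_HOME', '/opt/mytool')\n"
              "import base64; exec(base64.b64decode('cHJpbnQoJ2hpJyk='))\n")


def classify_pth_line(line: str) -> tuple[str, list[str]]:
    """Return (kind, hits); kind is 'skip', 'path', 'import' or 'suspicious'."""
    s = line.rstrip("\r\n")
    if not s.strip() or s.startswith("#"):
        return "skip", []
    if not (s.startswith("import ") or s.startswith("import\t")):
        return "path", []
    hits = [k for k in SUSPICIOUS if k in s]
    # Legitimate tools also ship 'import x; x.setup()' lines, so every
    # executable line is reported and only keyword hits promote it.
    return ("suspicious" if hits else "import"), hits


def audit_pth_text(text: str) -> list[tuple[int, str, list[str]]]:
    """List (line_no, kind, hits) for each line site.py would exec()."""
    out = []
    for no, line in enumerate(text.splitlines(), 1):
        kind, hits = classify_pth_line(line)
        if kind in ("import", "suspicious"):
            out.append((no, kind, hits))
    return out


def audit_site_packages() -> dict[str, list]:
    """Audit every .pth file in this interpreter's site-packages dirs."""
    report = {}
    for d in site.getsitepackages() + [site.getusersitepackages()]:
        for pth in Path(d).glob("*.pth"):
            findings = audit_pth_text(pth.read_text(errors="replace"))
            if findings:
                report[str(pth)] = findings
    return report
```

Run `audit_site_packages()` inside a suspect virtual environment or CI image; every reported line runs on interpreter start, so each one should be traceable to a package you intentionally installed.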