This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties. Members and Law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.
Complete Story
06/11/2026
Meet Hades: The malware that lies to AI security agents
InfoWorld.com
Threat actors are continuing their onslaught against software supply chains, now with malware named after death itself.
The newly-discovered Hades Campaign is a “highly sophisticated” supply chain compromise that targets Python developer environments and runs as soon as infected packages are imported. It uses the popular Bun toolkit to silently execute multi-layer payloads that can extract sensitive data, move laterally across compromised systems, exploit common security frameworks, and even hijack AI gatekeeper analyzer systems via adversarial prompt injection.
Notably, the campaign exploited the popular C++ library ensmallen, as well as packages in the computational biology, bioinformatics, and genotype-phenotype analysis ecosystems.
More Info
Alerts
The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.
more information
Resources
Your electronic library to help in fighting financial fraud for all of our partners.
more information