GitLab's Vulnerability Research team uncovered a Python supply chain attack on PyPI deploying the Shai-Hulud worm. Five malicious packages were found, including four typosquats of Flask, Requests, and NumPy. The malware executes at install time, steals credentials from CI/CD systems, and targets all major cloud providers.