The Hades Campaign weaponizes the leaked Miasma toolkit to inject malicious code into PyPI, npm, and RubyGems packages and steal secrets from GitHub Actions workflows and CI/CD pipeline configurations. With 304 software components and 73 Microsoft GitHub repositories reported affected (medium-confidence figures from a single Tier 3 source), organizations consuming open-source packages or running automated build pipelines face supply chain compromise risk and downstream credential theft at scale.