The Hades campaign poisoned 19 PyPI packages across 37 malicious wheel artifacts, deploying credential theft, SSH key harvesting, and a destructive wiper module targeting the full modern development and CI/CD stack. A single developer installing one affected package can expose cloud credentials across AWS, GCP, and Azure, compromise CI/CD pipeline secrets, and trigger irreversible data destruction. Attribution to the Miasma/Shai-Hulud supply chain lineage is assessed at medium confidence based on TTP overlap.