Hasty Briefsbeta

Bilingual

Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Library

3 hours ago
  • #p
  • #d
  • #e
  • #r
  • #a
  • #u
  • #P
  • #c
  • #t
  • #o
  • #m
  • #-
  • #h
  • #i
  • #
  • #k
  • #,
  • #y
  • #f
  • #s
  • #n
  • #l
  • PyPI package 'lightning' versions 2.6.2 and 2.6.3 were compromised in a supply chain attack on April 30, 2026.
  • The attack automatically executes upon module import, stealing credentials, tokens, environment variables, cloud secrets, and poisoning GitHub repositories.
  • Malware spreads from PyPI to npm through stolen npm publish credentials, injecting droppers into packages to propagate further.
  • Data exfiltration uses multiple channels: HTTPS POST, GitHub commit search dead-drops, attacker-controlled repos, and victim's own repositories.
  • Targets include local files, environment variables, CI/CD secrets, and cloud credentials from AWS, Azure, and GCP.
  • Persistence is achieved via hooks in developer tools like Claude Code and VS Code, activating upon project folder opening.
  • Indicators of compromise include specific commit messages, GitHub repo descriptions, and suspicious files/directories in repositories.
About|Login