
Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Library

Blog post from Semgrep

Post Details
Company: Semgrep
Word Count: 1,127
Language: English
Summary

The PyPI package 'lightning', a popular deep learning framework, was compromised in a sophisticated supply chain attack affecting versions 2.6.2 and 2.6.3, released on April 30, 2026. The attack embedded a hidden directory containing obfuscated JavaScript that runs when the module is imported, stealing credentials, authentication tokens, environment variables, and cloud secrets, while also attempting to poison GitHub repositories with Dune-themed commit messages and to push stolen data to public repositories. The attack appears to be linked to the same threat actor behind the mini Shai-Hulud campaign, and it uses similar tactics to spread the malware across ecosystems, from PyPI into npm. The malicious payload propagates through npm by injecting a setup.mjs dropper and a router_runtime.js file into packages and executing them, stealing credentials, and committing those credentials to public repositories and to the victim's own repositories. The malware harvests credentials from a range of sources, including local files, CI/CD pipelines, and the major cloud providers, and it plants persistence hooks in developer tools such as Claude Code and VS Code. Organizations that installed the affected package versions are advised to run security scans, audit their repositories for the injected files, and rotate credentials as a precaution.