Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Library
The PyPI package 'lightning', versions 2.6.2 and 2.6.3, was compromised in a supply chain attack, affecting users of the PyTorch Lightning AI training library. The malicious versions include a hidden _runtime directory containing obfuscated JavaScript that activates upon running pip install lightning.
semgrep.dev
6 min
4/30/2026
Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Library
The PyPI package 'lightning', versions 2.6.2 and 2.6.3, was compromised in a supply chain attack, affecting users of the PyTorch Lightning AI training library. The malicious versions include a hidden _runtime directory containing obfuscated JavaScript that activates upon running pip install lightning.
semgrep.dev
6 min
4/30/2026
Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Library
The PyPI package 'lightning', versions 2.6.2 and 2.6.3, was compromised in a supply chain attack, affecting users of the PyTorch Lightning AI training library. The malicious versions include a hidden _runtime directory containing obfuscated JavaScript that activates upon running pip install lightning.
semgrep.dev
6 min
4/30/2026
No more articles to load