Apr 30, 2026

Malware Discovered in Compromised PyTorch Lightning Library Versions

AI Summary

Versions 2.6.2 and 2.6.3 of the PyTorch Lightning library were compromised in a supply chain attack, allowing malware to execute upon import. The malware targets sensitive credentials and attempts to propagate through GitHub repositories, posing significant risks to developers and their projects.

  • The PyTorch Lightning library versions 2.6.2 and 2.6.3 were compromised on April 30, 2026, in a supply chain attack.
  • The malicious package includes a hidden _runtime directory with obfuscated JavaScript that executes automatically when the module is imported.
  • The malware steals credentials, authentication tokens, environment variables, and cloud secrets, while also attempting to poison GitHub repositories.
  • The attack is believed to be linked to the same threat actor behind a previous campaign known as Mini Shai-Hulud.
  • The malware can be activated by running 'pip install lightning' and targets local files, CI/CD pipelines, and major cloud providers.
  • It scans for various credential file paths and can extract secrets from GitHub Actions, AWS, Azure, and GCP environments.
  • Persistence hooks are created in developer tools like Claude Code and VS Code, allowing the malware to execute without user action.
  • Developers are advised to audit their projects for the malicious package and rotate any compromised credentials immediately.
  • Indicators of compromise include specific commit messages and newly created public repositories with Dune-themed names.
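The audit the summary recommends can be scripted. The following is an added example, not code from the article or the PyTorch Lightning project: it flags exact pins of the compromised releases in a requirements or freeze listing, checks the installed environment, and looks for JavaScript under a hidden `_runtime` directory in a package tree. It assumes the distribution name is `lightning` (as in the article's `pip install lightning`); the requirements text and package tree below are constructed samples.

```python
"""Audit helpers for the compromised PyTorch Lightning releases (added example)."""
import importlib.metadata as md
import re
import tempfile
from pathlib import Path

# Releases named in the report; keyed by normalised distribution name.
# Only 'lightning' is named on the page; add other names if your advisory lists them.
AFFECTED = {"lightning": {"2.6.2", "2.6.3"}}

# Constructed sample, not a real lock file.
SAMPLE_REQUIREMENTS = """\
torch==2.5.1
lightning==2.6.3   # constructed pin to exercise the check
numpy>=1.26
pytorch_lightning==2.6.1
"""

def parse_pins(requirements_text):
    """Return {normalised_name: version} for exact '==' pins; ranges are ignored."""
    pins = {}
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"^([A-Za-z0-9_.-]+)\s*==\s*([A-Za-z0-9_.+-]+)", line)
        if m:
            pins[m.group(1).lower().replace("_", "-")] = m.group(2)
    return pins

def flag_affected(pins):
    """Return sorted (name, version) pairs that match a compromised release."""
    return sorted((n, v) for n, v in pins.items() if v in AFFECTED.get(n, set()))

def audit_installed(dists=None):
    """Check installed distributions (current interpreter by default) against AFFECTED."""
    dists = md.distributions() if dists is None else dists
    hits = []
    for d in dists:
        name = (d.metadata["Name"] or "").lower().replace("_", "-")
        if d.version in AFFECTED.get(name, set()):
            hits.append((name, d.version))
    return sorted(hits)

def find_runtime_js(package_root):
    """List .js files that sit under any '_runtime' directory in a package tree."""
    root = Path(package_root)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*.js")
                  if "_runtime" in p.relative_to(root).parts)

def demo_runtime_scan():
    """Build a constructed package tree in a temp dir and scan it (placeholder file only)."""
    with tempfile.TemporaryDirectory() as tmp:
        pkg = Path(tmp) / "lightning"
        (pkg / "_runtime").mkdir(parents=True)
        (pkg / "__init__.py").write_text("")
        (pkg / "_runtime" / "index.js").write_text("// constructed placeholder\n")
        return find_runtime_js(pkg)

if __name__ == "__main__":
    print("pinned:", flag_affected(parse_pins(SAMPLE_REQUIREMENTS)))
    print("installed:", audit_installed())
    print("runtime js:", demo_runtime_scan())
```

Point `find_runtime_js` at the installed package directory (for example `site-packages/lightning`) to check a real environment; a hit on either check should trigger the credential rotation the article calls for.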