
Shai-Hulud Malware Infects PyTorch Lightning

30 April 2026 · By Pulse24 desk

What happened

The 'lightning' PyPI package, a widely used deep learning framework, was compromised in a supply chain attack affecting versions 2.6.2 and 2.6.3, published on April 30, 2026. The malicious releases, attributed to the Shai-Hulud campaign, carry an obfuscated JavaScript payload that runs automatically when the module is imported. It steals credentials, authentication tokens, environment variables, and cloud secrets, and also attempts to poison GitHub repositories. The attack propagates across ecosystems, from PyPI to npm, by injecting droppers into packages the victim can publish.

Why it matters

The integrity of the AI development supply chain is directly compromised. Platform engineers and security architects must assume full compromise of any system that imported an affected 'lightning' version, which means rotating credentials immediately across local, CI/CD, and cloud environments. By using developer tooling for persistence and targeting credentials broadly across AWS, Azure, and GCP, this attack extends the prior mini Shai-Hulud campaign and shows how cross-ecosystem propagation risk is escalating for critical AI dependencies.
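The first step of "assume compromise" is finding out which environments actually resolved an affected release. The script below is an added example written for this page; it is not code from Semgrep, Pulse24, or the Lightning project. It audits pip-style requirement lines for the 'lightning' distribution and reports whether a line is pinned to one of the two versions the brief names, whether its version range would let pip resolve one of them, or whether it is safe, and it also checks the copy installed in the running interpreter. It assumes the affected set is exactly 2.6.2 and 2.6.3, that three numeric version components are enough for the comparisons, and that only the 'lightning' name the page gives needs checking; the sample requirement lines at the bottom are constructed for illustration.

```python
"""Audit requirement files and the local environment for the compromised
'lightning' releases named in the brief (2.6.2 and 2.6.3).

Added example for this page, not Semgrep's, Pulse24's or Lightning's code.
Assumptions: affected set is exactly the two versions the page names; pip
requirement syntax (name, optional extras, optional specifiers, optional
environment marker); three-component numeric versions suffice here.
"""
import re
import sys
from importlib import metadata

AFFECTED = {"2.6.2", "2.6.3"}   # versions named on the page
TARGET = "lightning"            # PyPI distribution named on the page

# One PEP 440 clause: operator followed by a version (wildcard allowed).
_SPEC_RE = re.compile(r"(===|==|!=|<=|>=|~=|<|>)\s*([0-9][0-9A-Za-z.*]*)")
_NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")


def normalize(name):
    """PEP 503 normalization so 'Lightning' and 'lightning' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def _ver(text):
    """'2.6.2rc1' -> (2, 6, 2); '2.6' or '2.6.*' -> (2, 6, 0)."""
    parts = []
    for piece in text.rstrip(".*").split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def _admits(op, spec, version):
    """Does one specifier clause allow `version`? (subset of PEP 440)."""
    v, s = _ver(version), _ver(spec)
    if op in ("==", "==="):
        if spec.endswith(".*"):            # ==2.6.* matches on the prefix
            n = spec.count(".")
            return v[:n] == s[:n]
        return v == s
    if op == "!=":
        return v != s
    if op == ">=":
        return v >= s
    if op == ">":
        return v > s
    if op == "<=":
        return v <= s
    if op == "<":
        return v < s
    if op == "~=":                         # ~=2.6.1 == >=2.6.1, ==2.6.*
        n = spec.count(".")
        return v >= s and v[:n] == s[:n]
    return True


def parse_requirement(line):
    """Return (normalized_name, [(op, version), ...]) or None for
    blank lines, comments and pip options such as '-r base.txt'."""
    line = line.split("#", 1)[0].split(";", 1)[0].strip()
    if not line or line.startswith("-"):
        return None
    m = _NAME_RE.match(line)
    if not m:
        return None
    return normalize(m.group(1)), _SPEC_RE.findall(m.group(2))


def audit_requirements(lines):
    """Return [(line, verdict)] for lines naming TARGET. Verdicts:
    'affected' = pinned to a compromised version,
    'admits'   = the range (or missing pin) lets pip resolve one,
    'ok'       = no compromised version can be selected."""
    bad = {_ver(a) for a in AFFECTED}
    findings = []
    for line in lines:
        parsed = parse_requirement(line)
        if not parsed or parsed[0] != TARGET:
            continue
        specs = parsed[1]
        pins = {_ver(v) for op, v in specs if op in ("==", "===") and not v.endswith(".*")}
        if pins & bad:
            verdict = "affected"
        elif any(all(_admits(op, s, a) for op, s in specs) for a in AFFECTED):
            verdict = "admits"             # an empty spec list admits everything
        else:
            verdict = "ok"
        findings.append((line.strip(), verdict))
    return findings


def audit_installed(dist_name=TARGET):
    """Verdict for the copy installed in this interpreter, if any."""
    try:
        installed = metadata.version(dist_name)
    except metadata.PackageNotFoundError:
        return None, "not installed"
    hit = _ver(installed) in {_ver(a) for a in AFFECTED}
    return installed, "affected" if hit else "ok"


if __name__ == "__main__":
    # Constructed sample lines (not from any real project); pass a file path to audit it instead.
    sample = ["lightning==2.6.2", "Lightning == 2.6.3 ; python_version >= '3.9'",
              "lightning>=2.6,<2.7", "lightning>=2.5,!=2.6.2,!=2.6.3", "numpy==1.26.4"]
    lines = open(sys.argv[1]).read().splitlines() if len(sys.argv) > 1 else sample
    for text, verdict in audit_requirements(lines):
        print(f"{verdict:9s} {text}")
    print("installed:", audit_installed())
```

A line reported as 'affected' or 'admits' means the environment built from it may have imported the payload, and that environment's credentials, tokens and cloud secrets should be rotated rather than merely re-pinned; an 'ok' result only says the requirement file could not select those versions, not that a lock file or container image built earlier did not.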

Source · semgrep.dev · AI-processed content may differ from the original.