PyPI package 'lightning' versions 2.6.2 and 2.6.3 were backdoored on April 30, 2026, stealing credentials and poisoning GitHub repos on import.
The widely used PyPI package 'lightning' (PyTorch Lightning) was compromised in versions 2.6.2 and 2.6.3, published April 30, 2026. A hidden '_runtime' directory containing obfuscated JavaScript runs automatically when the module is imported and steals credentials, auth tokens, environment variables, and cloud secrets. The payload also attempts to poison GitHub repositories by pushing malicious commits under Dune-themed naming (EveryBoiWeBuildIsaWormBoi), a convention that links this campaign to the earlier 'mini Shai-Hulud' threat actor. Semgrep has published detection rules and an advisories page for identifying affected projects.
Any environment that installed lightning 2.6.2 or 2.6.3 between April 30 and detection, CI pipelines included, and then imported it (a test run, a build step, or a notebook kernel is enough, since the payload runs at import time) executed the malicious code and potentially leaked every secret in scope: AWS keys, GitHub tokens, .env files. The attack is especially dangerous because lightning is a transitive dependency in many ML stacks, so you may be compromised without ever having installed it directly. The GitHub repo poisoning vector means your own repositories may have been used to spread the payload further; treat unexpected commits from around that window as suspect.
Run 'pip show lightning' in every active environment and CI container immediately. pip show only reports the environment it runs in, so check each virtualenv, conda env, and container image separately, and grep your requirements and lock files for a pin on 2.6.2 or 2.6.3 so that a transitive install is not missed. If the version is 2.6.2 or 2.6.3, treat every secret that environment touched as compromised and rotate them before anything else.
Open a terminal, or check your CI logs for the install step, and run: pip show lightning | grep Version. An affected install prints 'Version: 2.6.2' or 'Version: 2.6.3'.
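The triage above as an added example, not code from the advisory, from Semgrep, or from the lightning project: a POSIX sh script that checks one site-packages directory and a set of requirements pins offline. It assumes the affected versions are exactly 2.6.2 and 2.6.3, that the payload directory is named _runtime inside the installed lightning package, and that pins are in requirements.txt or pip freeze form; the function names, the pin regex, and the sample data it builds under a temp directory are this example's own.

```shell
#!/bin/sh
# Added triage helper for the lightning 2.6.2/2.6.3 compromise. Example code written for
# this page, not code from the advisory, from Semgrep, or from the lightning project.
# Assumptions not stated on the page: the affected versions are exactly 2.6.2 and 2.6.3,
# the payload lives in a directory named "_runtime" inside the installed "lightning"
# package, and pins are in requirements.txt / "pip freeze" form (poetry and uv lockfiles
# are not parsed here).

# is_affected_version VERSION -> 0 if VERSION is one of the backdoored releases, 1 otherwise
is_affected_version() {
  case "$1" in
    2.6.2|2.6.3) return 0 ;;
    *)           return 1 ;;
  esac
}

# installed_version SITE_PACKAGES -> prints the version from lightning-*.dist-info/METADATA
# (the same record "pip show lightning" reads); prints nothing if lightning is not there.
installed_version() {
  for meta in "$1"/lightning-*.dist-info/METADATA; do
    [ -f "$meta" ] || continue
    awk '/^Version:/ { print $2; exit }' "$meta"
    break
  done
  return 0
}

# has_runtime_payload SITE_PACKAGES -> 0 if the hidden lightning/_runtime directory is present
has_runtime_payload() {
  [ -d "$1/lightning/_runtime" ]
}

# scan_pins FILE... -> prints file:line:text for every pin of an affected version; 0 if any
scan_pins() {
  hit=1
  for f in "$@"; do
    [ -f "$f" ] || continue
    # matches "lightning==2.6.2", "lightning[extra] == 2.6.3", with trailing markers or comments
    if grep -HnE '^[[:space:]]*lightning(\[[^]]*\])?[[:space:]]*==[[:space:]]*2\.6\.[23]([[:space:]]|;|#|$)' "$f"; then
      hit=0
    fi
  done
  return $hit
}

# triage SITE_PACKAGES PIN_FILE... -> 0 if this environment must be treated as compromised
# (affected version installed, payload directory present, or affected version pinned)
triage() {
  sp="$1"; shift
  status=1
  ver=$(installed_version "$sp")
  if [ -n "$ver" ] && is_affected_version "$ver"; then
    echo "installed lightning $ver is AFFECTED: rotate every secret this environment touched"
    status=0
  elif [ -n "$ver" ]; then
    echo "installed lightning $ver is not an affected version"
  else
    echo "lightning is not installed in $sp"
  fi
  if has_runtime_payload "$sp"; then
    echo "$sp/lightning/_runtime exists: payload directory present"
    status=0
  fi
  if scan_pins "$@"; then
    echo "an affected version is pinned in the dependency files listed above"
    status=0
  fi
  return $status
}

# make_sample -> builds a constructed fake site-packages plus requirements.txt under a temp
# directory and prints its path. Test data for this example, not a real install.
make_sample() {
  root=$(mktemp -d)
  sp="$root/site-packages"
  mkdir -p "$sp/lightning-2.6.3.dist-info" "$sp/lightning/_runtime"
  printf 'Metadata-Version: 2.1\nName: lightning\nVersion: 2.6.3\n' > "$sp/lightning-2.6.3.dist-info/METADATA"
  printf 'torch==2.5.0\nlightning==2.6.2\n' > "$root/requirements.txt"
  echo "$root"
}

# Demo on the constructed data. On a real host, run per venv or container, for example:
#   triage "$(python -c 'import sysconfig; print(sysconfig.get_paths()["purelib"])')" requirements.txt
sample=$(make_sample)
triage "$sample/site-packages" "$sample/requirements.txt"
rm -rf "$sample"
```

A non-zero exit from triage means nothing was found in that one environment; it says nothing about other virtualenvs, container layers, or lockfile formats the pin regex does not cover, so run it per environment and still audit poetry.lock or uv.lock by hand.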