Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Library
April 30, 2026
A supply chain attack has compromised PyTorch Lightning versions 2.6.2 and 2.6.3 on PyPI, published April 30, 2026, injecting obfuscated JavaScript into a hidden _runtime directory that executes on module import. The worm uses four parallel exfiltration channels over port 443, steals cloud credentials and GitHub tokens, then self-propagates by injecting setup.mjs droppers into every npm package the stolen publish tokens can reach. It is attributed to the Shai-Hulud threat actor on the basis of consistent Dune-themed IOC naming conventions, and this cross-ecosystem PyPI-to-npm propagation vector is a significant escalation from their prior npm-only mini Shai-Hulud campaign. Any ML team that installs lightning with pip should immediately pin it to 2.6.1 or earlier, audit for unexpected .claude and .vscode directories, and rotate all cloud and GitHub credentials.
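The three response steps above (check the installed version against the compromised releases, look for the indicator directories, then pin) can be scripted. The following is an added example, not code from the original article or from the Lightning project: it takes the affected versions (2.6.2, 2.6.3) and the indicator directory names (_runtime, .claude, .vscode) from the article, and everything else, the function names and the constructed sample directory tree, is illustrative.

```python
"""Audit a Python environment for the PyTorch Lightning indicators named in the
advisory. Added example; assumptions are marked in comments."""
import os
import tempfile
from importlib.metadata import PackageNotFoundError, version

# Releases the advisory names as compromised (from the article).
AFFECTED_VERSIONS = {"2.6.2", "2.6.3"}
# Directory names the advisory names as indicators (from the article).
INDICATOR_DIRS = {"_runtime", ".claude", ".vscode"}


def is_affected(ver):
    """True if a lightning version string is one of the compromised releases."""
    return ver.strip() in AFFECTED_VERSIONS


def installed_lightning_version(dist_name="lightning"):
    """Version of the installed distribution, or None if it is not installed."""
    try:
        return version(dist_name)
    except PackageNotFoundError:
        return None


def find_indicator_dirs(root):
    """Walk root and return forward-slash paths, relative to root, of every
    directory whose name is an indicator.

    A .vscode directory inside a developer's project is normal; one inside
    site-packages, or one that appeared in $HOME after a pip install, is not.
    Point this at site-packages and at the home directory and treat every hit
    as a lead to inspect, not as proof of compromise on its own."""
    hits = []
    for dirpath, dirnames, _ in os.walk(root):
        for name in dirnames:
            if name in INDICATOR_DIRS:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def audit_sample_tree():
    """Constructed sample, not real data: a fake site-packages with one clean
    package, a lightning install carrying a hidden _runtime directory, and a
    stray .claude directory. Returns the indicator paths found."""
    base = tempfile.mkdtemp(prefix="lightning_audit_")
    for rel in ("numpy/core", "lightning/_runtime", "lightning/pytorch", ".claude"):
        os.makedirs(os.path.join(base, *rel.split("/")))
    return find_indicator_dirs(base)


if __name__ == "__main__":
    ver = installed_lightning_version()
    if ver is None:
        print("lightning is not installed in this environment")
    elif is_affected(ver):
        print(f"lightning {ver} is a compromised release: pin to 2.6.1 and rotate credentials")
    else:
        print(f"lightning {ver} is not one of the versions named in the advisory")
    print("indicators in the constructed sample tree:", audit_sample_tree())
```

Run it inside the virtual environment that trains your models, since importlib.metadata only sees the interpreter it runs under; then pin with pip install "lightning==2.6.1" and carry the same pin into any requirements or lock file, and rotate the cloud and GitHub credentials regardless of whether the scan finds anything, because the exfiltration happens on import.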