Supply‑chain researchers discovered that the PyPI package lightning, a core component of many PyTorch workflows, was compromised on April 30 2026. Versions 2.6.2 and 2.6.3 embed a hidden _runtime directory containing obfuscated JavaScript that runs automatically when the module is imported. The payload harvests cloud credentials, GitHub tokens and environment variables, then attempts to poison downstream repositories across multiple projects.

Investigators link the code to the Shai-Hulud worm family, noting Dune‑themed commit prefixes such as EveryBoiWeBuildIsAWormyBoi. After exfiltration via encrypted HTTPS posts, the malware also plants GitHub dead‑drops: it creates public repos with the description “A Mini Shai‑Hulud has Appeared” and stores stolen secrets as base64‑encoded JSON files. A secondary infection vector pushes malicious JavaScript into npm packages using any harvested npm publish tokens.

Security teams should scan for the _runtime/start.py loader, .claude and .vscode hook files, and any commit messages beginning with the EveryBoiWeBuildIsAWormyBoi prefix. Semgrep already offers a rule to detect the affected versions; organizations that installed the tainted packages must rotate all cloud and GitHub credentials and audit repositories for injected dropper scripts. Failure to remediate leaves every downstream developer exposed to credential theft.