devtake.dev
AI Security Open Source Hardware Apple Policy

#pytorch-lightning

RSS
Related: #credential-theft · 1 #mini-shai-hulud · 1 #ml · 1 #pypi · 1 #python · 1 #security · 1 #supply-chain · 1
Lightning AI logo on a dark background, illustrating the PyPI supply chain compromise of the lightning Python package.
Security·

Mini Shai-Hulud hit PyTorch Lightning. The 11.6M-download PyPI package shipped a credential stealer.

Two malicious lightning releases hit PyPI on April 30. The 42-minute window was enough to ship an RSA-encrypted infostealer to ML developers worldwide.