frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Library

https://semgrep.dev/blog/2026/malicious-dependency-in-pytorch-lightning-used-for-ai-training/
139•j12y•2h ago

Comments

achandra03•1h ago
Bless the Maker and His water.
mkeeter•1h ago
A repository search shows 2.2K repos with the text "A Mini Shai-Hulud has Appeared", all created within the past day:

https://github.com/search?q=A%20Mini%20Shai-Hulud%20has%20Ap...

spate141•1h ago
what's this all about?
progbits•1h ago
Malware uploading the credentials it managed to steal
foo12bar•1h ago
FTFA

> The attack steals credentials, authentication tokens, environment variables, and cloud secrets, while also attempting to poison GitHub repositories.

CodeAndCuffs•57m ago
That doesn't really explain why there is a bunch of GitHub repos created as well.

If I remember correctly from Shai-Hulud 2, the attacker extricated creds by posting them in public github repos with minor easily reversible encryption. I believe it was double b64 last time.

I'm assuming the logic there is that every security researcher and company is going to pull and scan those creds for their stuff and their clients' stuff. So the attacker is just 1 of N people downloading it. As opposed to trying to send it to their own machine directly.

arsome•33m ago
I think it's more about convenience and bypassing filters - developers are already logged in to github, already have access to create repos and publish code, firewalls will allow it. Even fancy HIDS systems will think the git push is rather normal.

If they have a clue, the attacker still will not download that without using a botnet tunnel or Tor at a minimum.

Note though that these credentials aren't even encrypted using some lightweight ECC to prevent others from capturing them, they're posted in cleartext. Embarassment might be part of the point.

rhdunn•1h ago
The repository names all look like two terms/words from dune (harkonen, mentat, ornithoptor, etc.) followed by a number. This would indicate that the account (possibly GitHub auth/actions token) has been compromised and then used to create the repository.
spate141•1h ago
ah shit, here we go again
12_throw_away•1h ago
this is fine, we are definitely a perfectly normal industry that knows what it is doing
throwa356262•1h ago
Advisory, fresh from the owen

https://github.com/Lightning-AI/pytorch-lightning/security/a...

rvz•1h ago
Shai-Hulud strikes again and continues to turn innocent packages into zombies.

Think twice before looking at a package and most importantly, always pin your dependencies.

pixel_popping•33m ago
Yeah, pin the malware :p
0xbadcafebee•59m ago
something something Safety Requires A Building Code something thing
csvance•28m ago
Shai-Hulud dug my 100 ft trench. Should be OSHA compliant right?
caycep•58m ago
just to clarify it's not PyTorch, it's the library for this Lightning AI company?
lostmsu•55m ago
Yes
0fflineuser•52m ago
The nixpkg from unstable seems to be infected as it s 2.6.2 https://search.nixos.org/packages?channel=unstable&include_h...
minkowski•38m ago
Nixpkgs uses the GitHub source, not the PyPI dist, for lightning; unclear to me from the advisory whether this should also be considered compromised.
andymcsherry•14m ago
Andy from Lightning here. Thanks for pointing that out, we are updating the CVE. Only the versions from PyPi were affected. The malicious code was not checked into the GitHub repository
deforciant•14m ago
github is fine, the package was only pushed into pypi directly
csvance•42m ago
The decision to run all of my experiments in a monorepo with a single uv.lock continues to be validated. I usually only update it a few times a year. It was pinned at 2.6.1 for lightning \o/
upupupandaway•39m ago
Not a security guy here. How did the dependency get compromised, exactly? Did they submit a PR into the main repo at github and it was approved by the maintainers? Or just host compromised versions in other mirrors?
brahman81•34m ago
Thanks to the community for reporting the security issues with PyTorch Lightning 2.6.2 and 2.6.3 - we're actively looking into it.

In the meantime, please use 2.6.1 until we publish 2.6.4.

For more details: https://github.com/Lightning-AI/pytorch-lightning/security/a...

jackdoe•33m ago
I cant wait to have no dependencies.

An extreme example is now when I make interactive educational apps for my daughter, I just make Opus use plain js and html; from double pendulums to fluid simulations, works one shot. Before I had hundreds of dependencies.

Luckily with MIT licensed code I can just tell Opus to extract exactly the pieces I need and embed them, and tweaked for my usecase. So far works great for hobby projects, but hopefully in the future productions software will have no dependencies.

Aperocky•26m ago
I am torn because I like rust over go, and rust is better from an LLM perspective. But the dependency philosophy on rust is basically a security blackhole whereas go is much better.
kblissett•24m ago
I have found Go is an amazing language for LLMs. What do you prefer about Rust?
ks2048•27m ago
I'm curious what they do with various kinds of credentials if they get access.

I can see trying to steal crypto, but what do they do if they get some AWS credentials? Try to run some crypto mining instances? Try to use your account for other types of crimes? Or is it mainly trying to steal data and then ask for ransoms?

bigfluffydonkey•13m ago
It's always crypto. A client got some AWS credentials stolen and without anyone checking the account, the hacker managed to spin up big EC2 instances across many regions. The bill after a month as I recall was around 100K. Since the activity was clearly fraudulent the bill was forgiven eventually. So remember to lock down your AWS keys permissions...
wlkr•12m ago
This might just be the frequency illusion at play, but there seem to have been a number of high-profile supply chain attacks of late in major packages. There are several articles on the first few pages of HN right now with different cases.

Looking back ten years to `left-pad`, are there more successful attacks now than ever? I would suspect so, and surely the value of a successful attack has also increased, so are we actually getting better as a broad community at detecting them before package release? It's a complex space, and commercial software houses should do better, but it seems that whilst there are some excellent commercial products (e.g. CI scan tools), generally accessible, idiot friendly tooling is somewhat lacking for projects which start as hobby/amateur code but end up being a dependency in many other projects.

I've cross-posted my comment from the current SAP supply chain attack thread [0].

[0]: https://news.ycombinator.com/item?id=47964003

JohnMakin•8m ago
People are ramming tons of code into places without ever looking at it, it would follow that supply chain attacks would increase thusly.

How Mark Klein told the EFF about Room 641A [book excerpt]

https://thereader.mitpress.mit.edu/the-whistleblower-who-uncovered-the-nsas-big-brother-machine/
161•the-mitr•1h ago•30 comments

Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Library

https://semgrep.dev/blog/2026/malicious-dependency-in-pytorch-lightning-used-for-ai-training/
142•j12y•2h ago•34 comments

Belgium stops decommissioning nuclear power plants

https://dpa-international.com/general-news/urn:newsml:dpa.com:20090101:260430-930-14717/
598•mpweiher•6h ago•484 comments

CopyFail Was Not Disclosed to Distros

https://www.openwall.com/lists/oss-security/2026/04/30/10
93•ori_b•1h ago•29 comments

I built a Game Boy emulator in F#

https://nickkossolapov.github.io/fame-boy/building-a-game-boy-emulator-in-fsharp/
57•elvis70•1h ago•12 comments

Claude Code refuses requests or charges extra if your commits mention "OpenClaw"

https://twitter.com/theo/status/2049645973350363168
473•elmean•4h ago•317 comments

How an Oil Refinery Works

https://www.construction-physics.com/p/how-an-oil-refinery-works
197•chmaynard•4h ago•44 comments

Durable queues, streams, pub/sub, and a cron scheduler – inside your SQLite file

https://honker.dev/
84•ferriswil•3h ago•17 comments

You can beat the binary search

https://lemire.me/blog/2026/04/27/you-can-beat-the-binary-search/
146•vok•3d ago•72 comments

Spain's parliament will act against massive IP blockages by LaLiga

https://www.democrata.es/en/politics/congress-and-senate/congress-will-act-against-massive-ip-blo...
246•akyuu•3h ago•95 comments

I aggregated 28 US Government auction sites into one search

https://bidprowl.com
174•scarsam•6h ago•53 comments

10Gb/s Ethernet: what I did to get it working in my home

https://www.gilesthomas.com/2026/04/10g-ethernet-what-i-did
45•gpjt•1d ago•23 comments

Mozilla's opposition to Chrome's Prompt API

https://github.com/mozilla/standards-positions/issues/1213
446•jaffathecake•10h ago•184 comments

Recovering files from beyond the grave using PhotoRec

https://lost-number.bearblog.dev/recovering-files-from-beyond-the-grave-using-photorec/
7•speckx•56m ago•0 comments

Show HN: TRiP – a complete transformer engine in C built from scratch just by me

https://github.com/carlovalenti/TRiP
14•carlovalenti•1h ago•1 comments

A 1960s art school experiment that redefined creativity

https://thereader.mitpress.mit.edu/the-1960s-art-school-experiment-that-redefined-creativity/
40•pseudolus•3h ago•8 comments

Granite 4.1: IBM's 8B Model Matching 32B MoE

https://firethering.com/granite-4-1-ibm-open-source-model-family/
236•steveharing1•8h ago•148 comments

The Zig project's rationale for their anti-AI contribution policy

https://simonwillison.net/2026/Apr/30/zig-anti-ai/
582•lumpa•16h ago•363 comments

Noctua releases official 3D CAD models for its cooling fans

https://www.noctua.at/en/3d-cad-models
447•embedding-shape•2d ago•98 comments

Where the goblins came from

https://openai.com/index/where-the-goblins-came-from/
974•ilreb•15h ago•581 comments

How Semiconductors Were Made in America

https://www.siliconimist.com/p/semiconductors-made-in-america
8•johncole•2d ago•1 comments

Kubereboot/Kured: Kubernetes Reboot Daemon

https://github.com/kubereboot/kured
9•ankitg12•1h ago•0 comments

The Science Behind Honey's Eternal Shelf Life (2013)

https://www.smithsonianmag.com/science-nature/the-science-behind-honeys-eternal-shelf-life-1218690/
46•downbad_•5h ago•25 comments

I scraped 1.94M Airbnb photos for opium dens, pet cameos, and messy kitchens

https://burla-cloud.github.io/examples/airbnb-burla-demo/
57•jmp1062•4h ago•25 comments

A Primer on Bézier Curves – So What Makes a Bézier Curve?

https://pomax.github.io/bezierinfo/
95•mostlyk•2d ago•19 comments

What can we gain by losing infinity?

https://www.quantamagazine.org/what-can-we-gain-by-losing-infinity-20260429/
78•Tomte•1d ago•85 comments

Craig Venter has died

https://www.jcvi.org/media-center/j-craig-venter-genomics-pioneer-and-founder-jcvi-and-diploid-ge...
316•rdl•16h ago•75 comments

My Stratum-0 Atomic Clock

https://coverclock.blogspot.com/2017/05/my-stratum-0-atomic-clock_9.html
57•g0xA52A2A•2d ago•14 comments

Largest Digital Human Rights Conference Suddenly Canceled

https://www.404media.co/rightscon-human-rights-conference-suddenly-postponed/
42•Brajeshwar•2h ago•7 comments

Because It Doesn't Have To

https://blog.computationalcomplexity.org/2026/04/because-it-doesnt-have-to.html
24•zdw•1d ago•5 comments