Socket(@SocketSecurity ):🚨 The popular PyPI package lightning has been compromised in a supply chain attack. Socket detected malicious code in versions 2.6.2 and 2.6.3 that executes automatically on import, downloads Bun, and runs an 11 MB obfuscated JavaScript payload designed to steal credentials. This appears to be connected to yesterday's mini Shai-Hulud attack, but we're still investigating. #Python

Socket

@SocketSecurity

Socket is the #1# software supply chain security platform. Next-gen SCA + SBOM + 0-day prevention. LOVED BY DEVELOPERS. 👀 @npm_malware

Joined November 2021

4.6K Following 15.8K Followers

Socket@SocketSecurity

2026.04.30 13:51

🚨 The popular PyPI package lightning has been compromised in a supply chain attack. Socket detected malicious code in versions 2.6.2 and 2.6.3 that executes automatically on import, downloads Bun, and runs an 11 MB obfuscated JavaScript payload designed to steal credentials. This appears to be connected to yesterday's mini Shai-Hulud attack, but we're still investigating. #Python#