📰 2026-05-01 01:30 更新
🔸 Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Library / 在PyTorch Lightning AI训练库中发现Shai-Hulud主题恶意软件
🔗 Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Library
🔥 53 points
原文:
The PyPI package ‘lightning’, a widely-used deep learning framework, was compromised in a supply chain attack affecting versions 2.6.2 and 2.6.3 published on April 30, 2026. Teams building image classifiers, fine-tuning LLMs, running diffusion models, or developing time-series forecasters frequently have lightning somewhere in their dependency tree. Running pip install lightning is all that is needed to activate. The malicious versions contain a hidden _runtime directory with obfuscated JavaS…
译文:
PyPI软件包“闪电”是一种广泛使用的深度学习框架,在2026年4月30日发布的2.6.2和2.6.3版本的供应链攻击中遭到破坏。构建图像分类器、微调LLM、运行扩散模型或开发时间序列预测器的团队经常在其依赖树中的某个地方出现闪电。运行pip install lightning即可激活。恶意版本包含 hidden_runtime目录与混淆的JavaS…
自动更新 · 正文抓取 · 双语翻译