The Hacker News reports that the Python package Lightning on PyPI was compromised to push two malicious versions, 2.6.2 and 2.6.3, both published on 30 April 2026, in an extended supply chain campaign aimed at credential theft. According to security researchers cited in the piece, the malicious package contains a hidden _runtime directory with a downloader and an obfuscated JavaScript payload, and the execution chain runs automatically when the lightning module is imported.
The attack uses a Python script (start[.]py) to download and execute the Bun JavaScript runtime, then runs an 11MB obfuscated payload (router_runtime.js) designed to harvest credentials across developer and CI/CD environments, including GitHub tokens validated against api.github[.]com/user. The campaign also involves an npm-based propagation method that tampers with local npm packages via a postinstall hook, potentially affecting up to 50 repository branches.
The report notes that the operation is linked to TeamPCP, a threat actor also connected to the Mini Shai-Hulud campaign, and encourages blocking versions 2.6.2 and 2.6.3, downgrading to 2.6.1, and rotating exposed credentials. Separately, intercom-client version 7.0.4 was also implicated in the Mini Shai-Hulud context as part of a related campaign.
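As an added example (not from the article or the Lightning project), a check a defender can run against an environment's site-packages: it reads the installed lightning version from dist-info metadata, flags the two versions the report names, and looks for the reported file names under a lightning/_runtime directory (placing _runtime inside the installed package directory is an assumption); the sample tree it scans by default is constructed for the demo.

```python
import pathlib
import sys
import tempfile

BAD_VERSIONS = {"2.6.2", "2.6.3"}                  # releases named in the report
SUSPECT_FILES = {"start.py", "router_runtime.js"}  # payload file names named in the report

def installed_lightning_version(site_packages):
    """Read Version from the dist-info whose METADATA Name is exactly 'lightning', or None."""
    for meta in pathlib.Path(site_packages).glob("*.dist-info/METADATA"):
        fields = {}
        for line in meta.read_text(encoding="utf-8").splitlines():
            if not line.strip():          # header block ends at the first blank line
                break
            key, _sep, value = line.partition(":")
            if key in ("Name", "Version"):
                fields[key] = value.strip()
        if fields.get("Name", "").lower() == "lightning":   # skips e.g. lightning-utilities
            return fields.get("Version")
    return None

def find_runtime_indicators(site_packages):
    """List files under lightning/_runtime matching the reported names (location assumed)."""
    runtime_dir = pathlib.Path(site_packages) / "lightning" / "_runtime"
    if not runtime_dir.is_dir():
        return []
    return sorted(str(p) for p in runtime_dir.rglob("*") if p.name in SUSPECT_FILES)

def assess(site_packages):
    """Return (version, findings); an empty findings list means nothing matched."""
    version = installed_lightning_version(site_packages)
    findings = []
    if version in BAD_VERSIONS:
        findings.append(f"lightning {version} is a compromised release: pin 2.6.1, rotate exposed credentials")
    findings.extend(f"reported payload file present: {p}" for p in find_runtime_indicators(site_packages))
    return version, findings

def build_sample_env(version, with_runtime):
    """Construct a throwaway site-packages tree (sample data, not a real install)."""
    root = pathlib.Path(tempfile.mkdtemp(prefix="fake-site-packages-"))
    dist = root / f"lightning-{version}.dist-info"
    dist.mkdir()
    (dist / "METADATA").write_text(f"Name: lightning\nVersion: {version}\n", encoding="utf-8")
    runtime = root / "lightning" / "_runtime"
    (runtime if with_runtime else runtime.parent).mkdir(parents=True)
    for name in SUSPECT_FILES if with_runtime else ():
        (runtime / name).touch()
    return str(root)

if __name__ == "__main__":  # scan a constructed sample, or the site-packages path given as argv[1]
    print(assess(sys.argv[1] if len(sys.argv) > 1 else build_sample_env("2.6.2", True)))
```

A version hit alone is enough to act on the report's advice; the file-name check only adds confidence and will not catch a renamed payload.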