供应链攻击已导致 PyTorch Lightning AI 训练库(版本 2.6.2 和 2.6.3)受到损害。该恶意代码以《沙丘》中的“Shai-Hulud”为主题,导入后会自动执行,窃取凭证、身份验证令牌和云密钥。此次攻击还试图污染 GitHub 存储库,并通过将恶意代码注入其他包的方式在 npm 生态系统中传播。 AI
影响 受损的 AI 开发工具可能导致大规模凭证窃取和存储库污染,影响 AI 项目的安全性。
排序理由 这是一个影响广泛使用的 AI 开发工具的安全漏洞,但它不代表新的模型发布或范式转变。
在 Mastodon — fosstodon.org 阅读 →
AI 生成摘要 · Google Gemini · 来自 6 个来源。 我们如何撰写摘要 →
Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Library https:// semgrep.dev/blog/2026/maliciou s-dependency-in-pytorch-lightning-used-for-ai-training/ # ai # malware
New post: PyTorch Lightning, CopyFail, and Claude Code — Three Trust Failures on the Same Day Shai-Hulud malware hit PyTorch Lightning. CopyFail was never disclosed to distros. Claude Code allegedly scans commits for competitors. Three stories, one pattern. 15 incidents in 30 day…
Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Library https:// semgrep.dev/blog/2026/maliciou s-dependency-in-pytorch-lightning-used-for-ai-training/ # ai # malware
📰 PyTorch Lightning Malware: Shai-Hulud Attack Exploits Deserialization in 2026 A sophisticated malware campaign disguised as Shai-Hulud-themed dependencies has been found embedded in PyTorch Lightning’s training ecosystem, exploiting deserialization flaws to enable remote code e…
📰 PyTorch Lightning'de Pickle Deserialization Zafiyeti: 2026'da RCE Tehditleri ve Çözümü PyTorch Lightning’de keşfedilen ciddi deserializasyon zafiyetleri, kullanıcıları arbitrary kod çalıştırma saldırılarına açıyor. Shai-Hulud temalı bir zararlı yazılım senaryosu, bu zafiyetleri…