The popular PyPI package 'lightning' was compromised in a supply chain attack affecting versions 2.6.2 and 2.6.3. The malicious package executes an obfuscated JavaScript payload via the Bun runtime to harvest cloud and developer credentials, poison GitHub repositories by impersonating Anthropic's Claude Code, and infect local npm packages.
AI Weaponization and Developer Supply Chain Attacks Redefine the Perimeter
Attackers are aggressively targeting the software development process because compromising a single developer tool can unlock thousands of corporate networks. In parallel, artificial intelligence is collapsing the cost of attacks, allowing criminals to build convincing deepfakes and automated phishing campaigns in minutes. As a result, traditional security like multi-factor authentication is increasingly bypassed using tricks that steal active login sessions rather than passwords. These trends together suggest that relying on perimeter defenses and basic hygiene is no longer enough, as attackers hide inside trusted cloud services and legitimate software updates. This matters because organizations are losing visibility into where their sensitive data actually lives, especially as AI tools create hidden pathways into company systems. Defenders must shift their focus to monitoring user behavior after login and securing the automated systems that build their software. Watch for unusual activity in your developer tools and implement stricter checks on third-party software.