PyTorch Lightning package hit by PyPI malware
Versions 2.6.2 and 2.6.3 of the `lightning` package used for training PyTorch models were reported as malicious after a supply-chain compromise. The injected code runs on import, starts a background payload, and is designed to steal developer credentials, cloud secrets, shell history, SSH keys, and other sensitive artifacts. Because the package is widely used in AI training workflows, the incident poses a broad risk to local dev environments, CI systems, and downstream projects that pinned or auto-upgraded to the affected releases.
This is the kind of supply-chain hit that matters because it weaponizes normal developer behavior: install a training library, import it, and you may already be compromised.
- The attack surface is broad because the payload executes at import time, before application logic has a chance to guard against it.
- The stolen data set is operationally serious: cloud creds, GitHub tokens, SSH keys, and wallet material can all lead to secondary compromise.
- AI/ML teams are especially exposed because training dependencies often run in privileged notebooks, CI jobs, and shared GPU environments.
- The immediate mitigation is straightforward: avoid `lightning==2.6.2` and `2.6.3`, rotate exposed credentials, and review machines and pipelines that imported those versions.
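One way to run the review step, as an added example that is not from the article or the Lightning project: it flags requirement lines that pin or could resolve to the two affected releases, and checks installed environments by reading dist-info metadata rather than importing the package, since the payload runs on import. The function names and sample input are hypothetical.

```python
# Added example: locate the affected releases without importing the package.
import re
from importlib import metadata

PACKAGE = "lightning"
BAD_VERSIONS = {"2.6.2", "2.6.3"}  # the two releases named in the article

REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")
PIN = re.compile(r"==\s*([0-9A-Za-z.!+*-]+)")

def normalize(name):
    """PEP 503 normalization so 'Lightning' and 'lightning' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def scan_requirements(text):
    """Return (line_no, status) per `lightning` line: 'affected' or 'unpinned'."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()         # drop comments
        m = REQ.match(line)
        if not m or normalize(m.group(1)) != PACKAGE:
            continue
        spec = m.group(2).split(";", 1)[0].strip()  # drop environment markers
        pin = PIN.match(spec)
        if pin is None or "*" in pin.group(1):
            findings.append((n, "unpinned"))  # may have resolved to a bad release
        elif pin.group(1) in BAD_VERSIONS:
            findings.append((n, "affected"))
    return findings

def scan_installed(paths=None):
    """Read dist-info metadata only; nothing from the package is executed."""
    kwargs = {} if paths is None else {"path": list(paths)}
    hits = []
    for dist in metadata.distributions(**kwargs):
        name = dist.metadata.get("Name", "")
        if normalize(name) == PACKAGE and dist.version in BAD_VERSIONS:
            hits.append(f"{name}=={dist.version}")
    return hits

# Constructed sample input, not taken from any real project.
SAMPLE = """\
torch==2.3.0
lightning-utilities==0.11.0
Lightning[extra] == 2.6.3 ; python_version >= "3.9"
lightning>=2.6
"""

if __name__ == "__main__":
    print(scan_requirements(SAMPLE))  # findings in the sample file
    print(scan_installed())           # affected installs in this interpreter
```

An "unpinned" finding is not proof of exposure; it marks a spec whose resolved version has to be confirmed from a lock file or from `scan_installed` on the machine that ran the install.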
Discovered: 2026-04-30
Published: 2026-04-30
Author: j12y