ZCyberNews

PyTorch Lightning Compromised in PyPI Supply Chain Attack


Executive Summary

Threat actors compromised the popular Python package lightning (PyTorch Lightning) on the Python Package Index (PyPI), publishing two malicious versions — 2.6.2 and 2.6.3 — on April 30, 2026, according to analyses by Aikido Security, Socket, and StepSecurity. The malicious releases are designed to steal credentials from developers and systems that install the package, marking a targeted supply chain attack against the machine learning and data science community.

Technical Analysis

The attackers gained access to the lightning package maintainer account and pushed versions 2.6.2 and 2.6.3 directly to PyPI, per the security firms' findings. The malicious code is delivered through a typosquatted dependency — a package with a name nearly identical to a legitimate dependency used by Lightning — which, when resolved during installation, executes a credential-harvesting payload. The payload collects environment variables, cloud provider credentials (AWS, GCP, Azure), API tokens, and SSH keys, then exfiltrates them to an external command-and-control server.

Aikido Security noted that the attack is an extension of a previously observed campaign targeting the Python ecosystem, though the specific threat actor remains unidentified as of publication. The malicious versions were live on PyPI for an unknown window before being flagged; PyPI maintainers have since removed them, but users who installed within the past 24 hours may be compromised.

Mitigations & Recommendations

Organizations using PyTorch Lightning should immediately check their installed version. If version 2.6.2 or 2.6.3 is present, treat the environment as compromised: rotate all credentials stored in environment variables, cloud provider secrets, and CI/CD pipeline tokens. Audit systems for unauthorized access or data exfiltration. Pin package versions in requirements.txt or pyproject.toml to a known-safe version (e.g., 2.6.1 or earlier) until the maintainers release a clean update. Enable PyPI's trusted publishing and two-factor authentication for any package publishing accounts to reduce the risk of account takeover.
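The version check described above can be scripted. The following is an added example, not code from the article or the security firms it cites: it flags requirement lines that pin `lightning` to 2.6.2 or 2.6.3, or that leave it unpinned, and checks the version installed in the active environment. The function names and the simplified requirements parsing are assumptions, and only the package name given in the article is checked.

```python
import re
from importlib import metadata

PACKAGE = "lightning"              # PyPI name as given in the article
BAD_VERSIONS = {"2.6.2", "2.6.3"}  # malicious releases named in the article

# name, optional [extras], then the version specifier up to a marker or comment
REQ_LINE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#]*)")

def normalize(name):
    """PEP 503 normalisation, so 'Lightning' and 'lightning' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def audit_requirements(text):
    """Return (line_no, status, line) for each requirement naming PACKAGE.

    'compromised': exact pin to a bad version.
    'floating':    no exact pin, so the resolver could have picked a bad
                   release while it was live on PyPI.
    'pinned-ok':   exact pin to any other version.
    """
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = REQ_LINE.match(line)
        if not m or normalize(m.group(1)) != PACKAGE:
            continue
        # drop pip options such as --hash and a trailing line continuation
        spec = m.group(2).split(" --")[0].rstrip("\\ ").replace(" ", "")
        pin = re.fullmatch(r"===?([^,*]+)", spec)
        if pin is None:
            status = "floating"
        elif pin.group(1) in BAD_VERSIONS:
            status = "compromised"
        else:
            status = "pinned-ok"
        findings.append((no, status, line))
    return findings

def installed_is_compromised(version_lookup=metadata.version):
    """True if the active environment has a bad release installed."""
    try:
        return version_lookup(PACKAGE) in BAD_VERSIONS
    except metadata.PackageNotFoundError:
        return False

# Constructed sample input, not taken from any real project.
SAMPLE = "numpy==2.1.0\nLightning[extra] == 2.6.3  # constructed\nlightning>=2.5\n"

if __name__ == "__main__":
    print(audit_requirements(SAMPLE), installed_is_compromised())
```

A `floating` result is not proof of compromise; it marks environments whose build logs or lock files need checking to see which version was actually resolved.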
