Tag: pytorch lightning

2 articles

Laptop workstation with PyTorch Lightning package terminal open, displaying code on a neutral background.

Malicious PyTorch Lightning Package Exploits Supply Chain to Steal Credentials

A malicious version of the popular PyTorch Lightning package, downloaded over 11 million times, was found to contain a stealthy backdoor that steals credentials by silently executing a heavily obfuscated JavaScript payload. The compromised package, version 2.6.3, triggers the malicious routine automatically when imported, putting users at risk.

Analyst 207May 4, 2026

PyTorch Lightning Targeted in PyPI Supply Chain Credential Heist

Malicious actors have struck PyTorch Lightning with a supply chain attack, publishing two tainted package versions that automatically steal credentials when imported. The attack involves a sneaky _runtime directory with a downloader and obfuscated JavaScript payload.

Analyst 207Apr 30, 2026