Advertisement
SU
HIGH
Supply Chain
Backdoored PyTorch Lightning Package Drops Credential Stealer
A malicious PyTorch Lightning package on PyPI delivers a credential stealer, targeting browser data, environment variables, and cloud service credentials. Urgent action
Runtime Rebel Intel
4 min read·May 4, 2026
HIGH
Supply Chain
PyTorch Lightning 2.6.2/2.6.3 Compromise: Credential Theft Via Supply Chain
Threat actors injected malicious code into PyTorch Lightning versions 2.6.2 and 2.6.3 on PyPI, enabling credential theft via a supply chain attack. Urgent action
Runtime Rebel Intel
5 min read·Apr 30, 2026