Skip to content
The Nexus
SECURITYApr 30 · 16:31 UTCTHE HACKER NEWS[email protected] (The Hacker News)

PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials

Threat actors compromised the PyTorch Lightning Python package, publishing malicious versions 2.6.2 and 2.6.3 on April 30, 2026, to steal credentials. Security firms Aikido Security, Socket, and StepSecurity reported the attack, which is part of an ongoing supply chain campaign.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this