Skip to content
The Nexus
DossierENTITY

PyTorch Lightning

Coverage of PyTorch Lightning in the Nexus archive.

Earliest in view: Apr 30 · 16:09 UTCMost recent: May 4 · 17:15 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYMay 4 · 17:15 UTCBLEEPING COMPUTER
    Backdoored PyTorch Lightning package drops credential stealer

    A malicious version of the PyTorch Lightning package was published on the Python Package Index, delivering a credential-stealing payload targeting browsers and cloud services. The package is designed to steal sensitive information from users. This incident highlights the importance of verifying software packages before installation.

  • SECURITYApr 30 · 16:31 UTCTHE HACKER NEWS
    PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials

    Threat actors compromised the PyTorch Lightning Python package, publishing malicious versions 2.6.2 and 2.6.3 on April 30, 2026, to steal credentials. Security firms Aikido Security, Socket, and StepSecurity reported the attack, which is part of an ongoing supply chain campaign.

  • SECURITYApr 30 · 16:09 UTCHACKER NEWS
    Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Library

    A Shai-Hulud-themed malware was discovered in the PyTorch Lightning AI training library, as reported by Semgrep. The malicious dependency highlights security risks in AI development tools.

PyTorch Lightning · Dossier · The Nexus