PyTorch Lightning
Coverage of PyTorch Lightning in the Nexus archive.
- Backdoored PyTorch Lightning package drops credential stealer
A malicious version of the PyTorch Lightning package was published on the Python Package Index, delivering a credential-stealing payload targeting browsers and cloud services. The package is designed to steal sensitive information from users. This incident highlights the importance of verifying software packages before installation.
- PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials
Threat actors compromised the PyTorch Lightning Python package, publishing malicious versions 2.6.2 and 2.6.3 on April 30, 2026, to steal credentials. Security firms Aikido Security, Socket, and StepSecurity reported the attack, which is part of an ongoing supply chain campaign.
- Shai-Hulud Themed Malware Found in the PyTorch Lightning AI Training Library
A Shai-Hulud-themed malware was discovered in the PyTorch Lightning AI training library, as reported by Semgrep. The malicious dependency highlights security risks in AI development tools.