{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/pytorch-lightning/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["pytorch-lightning"],"_cs_severities":["critical"],"_cs_tags":["supply-chain","pypi","credential-theft","malware"],"_cs_type":"advisory","_cs_vendors":["GitHub"],"content_html":"\u003cp\u003eOn April 30, 2026, two malicious versions (2.6.2 and 2.6.3) of the widely used \u003ccode\u003epytorch-lightning\u003c/code\u003e package were published to the PyPI registry after the publisher account was compromised. These versions contain embedded malicious code designed to steal developer credentials and republish infected versions of repositories to which the stolen tokens have access. The attack is triggered upon importing the package, initiating a background process that silently harvests credentials from a wide array of services, including AWS, Azure, Google Cloud, and GitHub, as well as local environment variables and credential files. Version 2.6.3 was published just 13 minutes after 2.6.2, and was intended to evade detection.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker compromises the publisher account for the \u003ccode\u003epytorch-lightning\u003c/code\u003e package on PyPI.\u003c/li\u003e\n\u003cli\u003eAttacker publishes malicious versions 2.6.2 and 2.6.3 to PyPI.\u003c/li\u003e\n\u003cli\u003eA modified \u003ccode\u003e__init__.py\u003c/code\u003e file within the package initiates a background process upon import.\u003c/li\u003e\n\u003cli\u003eThe background process executes silently, without any visible output or indication of compromise to the user.\u003c/li\u003e\n\u003cli\u003eThe malicious package downloads a runtime (Bun) from GitHub.\u003c/li\u003e\n\u003cli\u003eThe package executes a large, obfuscated JavaScript file, targeting AWS, Azure, Google Cloud, GitHub, and local credential stores.\u003c/li\u003e\n\u003cli\u003eStolen credentials, including cloud provider keys, API tokens, and secrets, are exfiltrated to attacker-controlled infrastructure.\u003c/li\u003e\n\u003cli\u003eThe malware attempts to download and execute a second-stage payload from attacker-controlled infrastructure, expanding the scope of the attack.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eOrganizations that downloaded and used versions 2.6.2 or 2.6.3 of the \u003ccode\u003epytorch-lightning\u003c/code\u003e package are at high risk of compromise. The malicious package is designed to steal a wide range of credentials, including cloud provider keys, API tokens, and secrets stored in environment variables. This can lead to unauthorized access to sensitive data and systems, potentially resulting in data breaches, financial losses, and reputational damage. The malware\u0026rsquo;s ability to download and execute secondary payloads further increases the potential impact.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately remove versions 2.6.2 and 2.6.3 of the \u003ccode\u003elightning\u003c/code\u003e package from all systems where they are installed (see overview).\u003c/li\u003e\n\u003cli\u003eAudit systems for unauthorized processes and review outbound network connections to detect potential compromises (see overview).\u003c/li\u003e\n\u003cli\u003eRotate all cloud provider keys (AWS, Azure, GCP), API tokens (GitHub, CI/CD systems), and secrets stored in environment variables to prevent further unauthorized access (see Attack Chain).\u003c/li\u003e\n\u003cli\u003eImplement the \u003ccode\u003eDetect Suspicious PyPI Package Installation\u003c/code\u003e Sigma rule to identify potential malicious packages being installed in the future (see rules).\u003c/li\u003e\n\u003cli\u003eImplement the \u003ccode\u003eDetect Credential Harvesting via Bun\u003c/code\u003e Sigma rule to catch execution of the malicious JavaScript payload (see rules).\u003c/li\u003e\n\u003cli\u003ePin dependencies to known-good versions and verify package integrity before use to prevent future supply chain attacks (see references).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-01T00:45:31Z","date_published":"2026-05-01T00:45:31Z","id":"/briefs/2026-05-pytorch-lightning-compromise/","summary":"Compromised PyTorch Lightning packages versions 2.6.2 and 2.6.3 on PyPI contain malicious code to steal developer credentials from cloud and developer environments, and republish infected packages.","title":"Compromised PyTorch Lightning Packages on PyPI Steal Developer Credentials","url":"https://feed.craftedsignal.io/briefs/2026-05-pytorch-lightning-compromise/"}],"language":"en","title":"CraftedSignal Threat Feed — Pytorch-Lightning","version":"https://jsonfeed.org/version/1.1"}