WeSearch

PyTorch Lightning 2.6.2/2.6.3 supply chain attack malware executes on import, steals cloud creds.

· 0 reactions · 0 comments · 3 views

PSA for anyone running AI/ML training pipelines: PyTorch Lightning versions 2.6.2 and 2.6.3 (published April 30, 2026) were compromised in a supply chain attack. If you installed either version, your environment should be treated as fully compromised. Technical details worth discussing: The attack is import-time: modified __init__.py spawns a background thread the moment you run "import lightning". Downloads Bun JS runtime, deploys an 11MB obfuscated payload (router_runtime.js), harvests SSH key

Original article
Python
Read full at Python →
Anonymous · no account needed
Share 𝕏 Facebook Reddit LinkedIn Threads WhatsApp Bluesky Mastodon Email

Discussion

0 comments

More from Python

llama.cpp via llama-cpp-python and PandasAI?
Python·6
I wrote a free, open-source book: "Advanced Methods in SciPy and Statsmodels"
Python·4
Best way to handle OCR for scanned PDFs in a web app (cost vs accuracy)?
Python·4
I have python framework django domain, tell me what you need on that website
Python·17
Choosing a Python Logging Library in 2026 (Comparison)
Python·8
What is the best python platform(s) to use at the intersection of HPC and Quantum Computing?
Python·9