Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
India Halts WhatsApp Usernames Rollout Due to Fraud Concerns
July 1, 2026
Critical Cursor IDE RCE Vulnerabilities Allow Zero-Click Prompt Injection
July 1, 2026
Automated Password Spray Attacks Target Microsoft Azure CLI
July 1, 2026
Home/CyberSecurity News/Critical Supply Chain Attack on PyTorch-Lightning Python Package
CyberSecurity News

Critical Supply Chain Attack on PyTorch-Lightning Python Package

Key Takeaways A sophisticated supply chain attack has compromised versions 2.6.2 and 2.6.3 of the widely used lightning (PyTorch Lightning) Python package. The malicious packages automatically...

David kimber
David kimber
April 30, 2026 4 Min Read
46 0

Key Takeaways

  • A sophisticated supply chain attack has compromised versions 2.6.2 and 2.6.3 of the widely used lightning (PyTorch Lightning) Python package.
  • The malicious packages automatically execute credential-stealing malware upon import, targeting developer systems, CI/CD pipelines, and cloud environments.
  • GitHub maintainer accounts for the project appear to have been compromised, indicated by suspicious activity on issue threads.
  • The attack is linked to the Team PCP campaign and shares similarities with the Shai-Hulud attack, focusing on exfiltrating GitHub, NPM, and cloud credentials.
  • Immediate action is required for any system that installed or imported the affected versions, including downgrading and comprehensive credential rotation.

A critical supply chain attack has struck the Python deep learning framework lightning, a package integral to AI and machine learning workflows. This incident involves the compromise of specific package versions, leading to the automatic execution of credential-stealing malware and the apparent takeover of GitHub maintainer accounts.

Table Of Content

  • Key Takeaways
  • Hidden Malware Execution Chain
  • GitHub Maintainer Account Appears Compromised
  • What You Should Do

The affected package, known as lightning on PyPI, is the deep learning framework used for training, deploying, and shipping AI products. It boasts hundreds of thousands of daily downloads and millions of monthly installations, underscoring the potential widespread impact of this breach.

Researchers at Socket identified versions 2.6.2 and 2.6.3 as malicious just 18 minutes after their publication on April 30, 2026. Version 2.6.1, released on January 30, 2026, remains untainted and is considered the last secure iteration of the package.

The attack directly endangers developer workstations, continuous integration/continuous deployment (CI/CD) pipelines, and cloud build environments. Any system that has installed and subsequently imported the compromised versions is now considered at high risk.

Compromised Package Illustration

Hidden Malware Execution Chain

Socket’s detailed analysis uncovered a concealed _runtime directory within the malicious packages. This directory contains a multi-stage execution chain designed to activate silently and automatically upon the module’s import, requiring no further user interaction. The identified components of this sophisticated attack include:

  • start.py: This script initiates the compromise by downloading and executing Bun, a JavaScript runtime, directly from GitHub.
  • router_runtime.js: An 11 MB JavaScript payload, heavily obfuscated, forms the core of the malware. It contains extensive references to process and env (703), tokens and authentication material (over 463), and repositories (336), indicating its data harvesting capabilities.
  • Daemon thread execution: The malware operates as a silent daemon thread, suppressing output to evade detection.
  • Credential exfiltration: The primary objective is to steal sensitive credentials, including GitHub tokens, NPM tokens, cloud access keys (AWS, GCP, Azure), environment variables, and other secrets.
  • GitHub API abuse: Stolen GitHub tokens are leveraged to commit encoded data to repositories controlled by the attackers.
  • NPM package infection: The malware possesses the capability to inject malicious code into developer NPM package tarballs, establishing a persistent foothold.

The obfuscated router_runtime.js payload exhibits significant technical parallels with the Shai-Hulud attack campaign. These overlaps include identical patterns for targeting credentials, similar token theft logic, and shared obfuscation techniques, suggesting a common origin or shared toolkit.

This incident aligns with the escalating open-source supply chain campaign attributed to Team PCP. This group has previously compromised other prominent packages in quick succession, including LiteLLM (March 24, 2026), Telnyx (March 27, 2026), and Xinference.

During the incident response phase, an attacker posted a Tor onion link within the Lightning-AI GitHub issue thread. This link led to a Team PCP-branded website featuring a PGP-signed message that claimed LAPSUS$ was “a good partner” in the operation. Socket has not independently verified this attribution and is investigating whether the Team PCP branding is genuine, an opportunistic association, or a deliberate false-flag attempt.

GitHub Maintainer Account Appears Compromised

Reports from community members emerged in the Lightning-AI GitHub repository under issue #21689, titled “Possible supply chain attack on version 2.6.3.”

GitHub Issue Screenshot

When Socket subsequently posted a follow-up warning in the pytorch-lightning repository, the issue was closed within one minute by the pl-ghost account. This account then posted a “SILENCE DEVELOPER” meme, strongly indicating that the project’s GitHub account has been compromised and is under attacker control.

What You Should Do

Security teams must consider any environment that has installed and imported lightning versions 2.6.2 or 2.6.3 to be fully compromised and should take immediate action:

  • Remove Malicious Versions: Immediately uninstall versions 2.6.2 and 2.6.3 from all affected systems.
  • Downgrade to Safe Version: Downgrade installations to version 2.6.1, which is confirmed clean, or await official guidance from the maintainers.
  • Rotate All Credentials: Promptly rotate all potentially compromised credentials, including GitHub tokens, NPM tokens, cloud access keys (AWS, GCP, Azure), and any secrets stored in environment variables.
  • Audit GitHub Repositories: Scrutinize GitHub repositories for any unauthorized commits or suspicious encoded data injections.
  • Review Logs: Thoroughly review logs from CI/CD pipelines, developer workstations, and build systems where the compromised package may have been imported.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackMalwareSecurity

Share Article

David kimber

David kimber

David is a penetration tester turned security journalist with expertise in mobile security, IoT vulnerabilities, and exploit development. As an OSCP-certified security professional, David brings hands-on technical experience to his reporting on vulnerabilities and security research. His articles often feature detailed technical analysis of exploits and provide actionable defense recommendations. David maintains an active presence in the security research community and has contributed to multiple open-source security tools.

Previous Post

FBI, CISA Issue Zero Trust Guide for OT Environments

Next Post

Iranian Hackers Target US Organizations With Fake Event Invites

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical Fluentd Vulnerabilities Allow Remote Code Execution
July 1, 2026
Weaponized Google Ads Install Malicious Claude Code to Hijack macOS
July 1, 2026
Critical Adobe ColdFusion Vulnerabilities Let Attackers Run Code
July 1, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us