Supply Chain Attack Compromises PyTorch Lightning Package

Severity: High (Score: 66.0)

Sources: Thehackernews, Cybersecuritynews

Summary

The PyTorch Lightning framework, a widely used Python package, has been compromised in a supply chain attack: versions 2.6.2 and 2.6.3 published to PyPI execute credential-stealing malware when the package is imported. Any environment that has installed and imported either version is affected. GitHub maintainer accounts linked to the package have also been compromised, which widens the concern beyond the two flagged releases for developers and organizations that depend on the framework. The impact is significant given how widely PyTorch Lightning is used in AI product development. Investigation into the attack vector and remediation is ongoing.

Until a cleaned release is published, users should pin to a version other than 2.6.2 or 2.6.3 and avoid installing or importing the flagged releases. Because the payload runs at import time, check the installed version from package metadata (for example `pip show` or `importlib.metadata`) rather than by importing the module, and treat credentials present on any host that has already imported either version as exposed.

Key Points:

  • PyTorch Lightning versions 2.6.2 and 2.6.3 contain credential-stealing malware that runs on import.
  • GitHub maintainer accounts linked to the package have been compromised.
  • Users are advised to refrain from using the affected versions until further notice.
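As an added example (not code from the advisory or from the Lightning project), the following script checks the current environment and a pinned requirements file for the flagged releases without importing the package. It assumes the affected releases are published under the PyPI distribution names `pytorch-lightning` and `lightning` (the advisory names only the framework, so both names are checked as an assumption), and the requirement lines embedded below are constructed sample input.

```python
"""Check an environment and pinned requirement lines for the PyTorch Lightning
releases flagged as malicious (2.6.2 and 2.6.3) without importing the package.

Added example, not code from the advisory or the Lightning project.
Assumptions: the affected releases ship under the distribution names in
FLAGGED_DISTS; SAMPLE_REQUIREMENTS is constructed for illustration.
"""
from importlib import metadata
import re

FLAGGED_VERSIONS = {"2.6.2", "2.6.3"}
# Assumption: both distribution names are checked because the framework has
# shipped under both; the advisory itself names only "PyTorch Lightning".
FLAGGED_DISTS = ("pytorch-lightning", "lightning")


def normalize(name: str) -> str:
    """PEP 503 normalisation so 'PyTorch_Lightning' matches 'pytorch-lightning'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def installed_flagged(dists=FLAGGED_DISTS) -> dict:
    """Return {dist: version} for flagged installs, read from dist-info metadata.

    importlib.metadata reads the .dist-info directory and never imports the
    package. That matters here because the payload runs at import time, so
    `import pytorch_lightning; pytorch_lightning.__version__` must NOT be used
    as the check.
    """
    hits = {}
    for dist in dists:
        try:
            ver = metadata.version(dist)
        except metadata.PackageNotFoundError:
            continue
        if ver in FLAGGED_VERSIONS:
            hits[dist] = ver
    return hits


_PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][0-9A-Za-z.]*)")


def flagged_pins(requirement_lines) -> list:
    """Return (name, version) pairs for exact pins (==) to a flagged release.

    Handles comments, blank lines, extras such as `lightning[extra]==2.6.2`,
    trailing environment markers, line continuations, and the `--hash`
    continuation lines that pip-compile emits.
    """
    flagged = set(map(normalize, FLAGGED_DISTS))
    found = []
    for raw in requirement_lines:
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments/markers
        if not line or line.startswith("-"):  # skip --hash, -r, -e and similar
            continue
        line = re.sub(r"\[[^\]]*\]", "", line)  # strip extras
        m = _PIN_RE.match(line)
        if m and normalize(m.group(1)) in flagged and m.group(2) in FLAGGED_VERSIONS:
            found.append((normalize(m.group(1)), m.group(2)))
    return found


# Constructed sample requirements file (not a real lockfile).
SAMPLE_REQUIREMENTS = """\
torch==2.4.0
PyTorch_Lightning==2.6.2  # pulled in by the training harness
lightning[extra]==2.6.3 ; python_version >= "3.9" \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
lightning==2.5.1
"""

if __name__ == "__main__":
    print("flagged installs:", installed_flagged())
    print("flagged pins:", flagged_pins(SAMPLE_REQUIREMENTS.splitlines()))
```

Run the script inside each virtual environment and CI image that could have resolved the package; a pin to any other version, or a `~=`/`>=` range, is not reported because only exact pins to the flagged releases are conclusive from the file alone, so pair the file scan with the metadata check of the resolved environment.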

Key Entities

  • Malware (attack_type)
  • Supply Chain Attack (attack_type)
  • GitHub (platform)
  • PyPI (platform)
  • PyTorch Lightning (platform)