Malicious PyTorch Lightning update hits AI supply chain security
A malicious PyTorch Lightning update (v2.6.3) on PyPI spread briefly, stealing credentials and raising major concerns about AI supply chain security. A malicious update of the PyTorch Lightning library exposed developers to credential theft and remote compromise. Attackers uploaded version 2.6.3 to the Python Package Index (PyPI), where it spread among developers before maintainers removed […]
A malicious update of the PyTorch Lightning library exposed developers to credential theft and remote compromise. Attackers uploaded version 2.6.3 to the Python Package Index (PyPI), where it spread among developers before maintainers removed it at the end of April.
PyTorch Lightning is an open-source framework built on top of PyTorch that simplifies how developers train and deploy deep learning models.
Related breach coverage
- Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence2026-05-09
Researchers uncovered QLNX, a Linux RAT targeting developers to steal credentials, log keystrokes, monitor systems, and enable remote access. Security researchers discovered a previously undocumented Linux malware called Quasar Linux RAT (QLNX) that targets developers and DevOps environments. The malicious code can steal credentials, log keystrokes, manipulate files, monitor clipboard activity, and create network tunnels […]
- Braintrust security incident raises concerns over AI supply chain risks2026-05-09
Braintrust warned customers to rotate API keys after hackers breached an AWS account, exposing secrets tied to cloud-based AI models. AI observability startup Braintrust warned customers to rotate API keys after attackers gained unauthorized access to one of the company’s AWS accounts, potentially exposing secrets used to connect to cloud-based AI models. The company said […]
- Hackers compromise Daemon Tools in global supply-chain attack, researchers say2026-05-06
Researchers at Kaspersky said attackers tampered with installers for Daemon Tools — a popular program used to mount disk images as virtual drives — and distributed them through the software’s official website.
- Iranian cyber espionage disguised as a Chaos Ransomware attack2026-05-06
Iran-linked APT MuddyWater used ransomware-style tactics to mask espionage, combining phishing, credential theft, data exfiltration, and extortion without encryption. A newly discovered cyber intrusion attributed to the Iran-linked APT MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) reveals how state-sponsored attackers are increasingly leveraging ransomware tactics to disguise espionage operations. The campaign, uncovered by security researchers at Rapid7, blended […]