If you're building, training, or shipping AI models with PyTorch Lightning, check your installed version immediately — two freshly published releases of the lightning package on PyPI have been weaponised to silently steal credentials the moment you import the library. Socket's research team today confirmed that versions 2.6.2 and 2.6.3 of the popular deep learning framework are malicious. Version 2.6.1, published January 30, 2026, is clean. Version 2.6.2, published today (April 30, 2026), is where the malicious code was introduced — and Socket's AI scanner flagged both versions as potentially malicious just eighteen minutes after publication. The timing is critical. Lightning receives hundreds of thousands of downloads per day and millions per month, making this among the highest-impact PyPI compromises of the year. What the malware actually does The attack is surgical and stealthy. The malicious package hides a _runtime directory containing a downloader and an obfuscated Java…
