Breaking: Two Popular Python Libraries Compromised in Sophisticated Supply Chain Attack
April 30, 2026 — Threat actors have successfully injected malicious code into two widely-used Python packages, PyTorch Lightning and Intercom-client, as part of an ongoing supply chain attack aimed at stealing credentials. Security researchers from Aikido Security, OX Security, Socket, and StepSecurity have confirmed that versions 2.6.2 and 2.6.3 of PyTorch Lightning, published on April 30, 2026, contain hidden credential-harvesting mechanisms.
The attackers also compromised the Intercom-client package, though specific version numbers have not yet been fully disclosed. The campaign is assessed to be a coordinated effort to infiltrate development environments and exfiltrate sensitive credentials used in CI/CD pipelines and cloud deployments.
Key Details of the Attack
The malicious versions of PyTorch Lightning (2.6.2 and 2.6.3) were uploaded to the Python Package Index (PyPI) on April 30, 2026. According to Aikido Security, the payloads were designed to steal authentication tokens, API keys, and database credentials from infected systems.
“The attack is highly targeted. We observed the malicious code only activating under specific conditions, making detection difficult for traditional security tools,” said a senior analyst at OX Security. Socket Security added that the malicious code communicated with command-and-control servers hosted on multiple cloud providers.
Immediate Impact and Detection
Developers who installed PyTorch Lightning 2.6.2 or 2.6.3 between April 30 and May 1 are urged to immediately rotate all credentials exposed to their development environments. “If you’ve used these versions, assume all secrets are compromised,” warned StepSecurity in an emergency advisory.
The Intercom-client package was hit via a dependency confusion technique, according to preliminary analysis. Organizations using automated dependency updates without integrity checking are at heightened risk.
Background: Ongoing Supply Chain Threats
Supply chain attacks targeting Python packages have escalated in recent years. In 2024, similar campaigns compromised the requests and urllib3 ecosystem, leveraging typosquatting and dependency confusion. The PyTorch Lightning incident marks the first time a major machine learning framework has been directly targeted for credential theft.
The Python Package Index (PyPI) has improved security measures, but these latest attacks demonstrate persistent gaps in package verification. “We are working with PyPI administrators to remove the malicious versions,” a spokesperson for Aikido Security confirmed.
What This Means for Developers and Enterprises
This attack underscores that no widely-used library is immune to supply chain compromise. Developers must implement rigorous software composition analysis (SCA) and lock dependency versions with hashing.
“Immediately audit your requirements.txt or Pipfile for versions 2.6.2 and 2.6.3 of PyTorch Lightning, and any recent Intercom-client installs,” urged a security researcher from Socket. Enterprises should also monitor for anomalous outbound traffic from build servers, as stolen credentials may be used for further lateral movement.
The incident also highlights the need for multi-layered security: network segmentation, least-privilege access, and credential rotation policies. Failure to act could lead to cloud account takeovers or data breaches.
Urgent Recommendations
- Check all environments for PyTorch Lightning versions 2.6.2 and 2.6.3 — treat them as compromised.
- Rotate all API keys, tokens, and passwords that were present on systems where these packages ran.
- Review CI/CD logs for any unexpected outbound connections between April 30 and now.
- Enable integrity verification for all dependencies using hash-locking tools like
pip hashor Poetry lock files.
For ongoing updates, follow Background and What This Means sections. This is a developing story.