Analyst207Apr 30

PyTorch Lightning Targeted in PyPI Supply Chain Credential Heist

Malicious actors have struck PyTorch Lightning with a supply chain attack, publishing two tainted package versions that automatically steal credentials when imported. The attack involves a sneaky _runtime directory with a downloader and obfuscated JavaScript payload.

https://osintsights.com/pytorch-lightning-targeted-in-pypi-supply-chain-credential-heist?utm_source=mastodon&utm_medium=social

#PytorchLightning #SupplyChainAttack #Pypi #CredentialHeist #EmergingThreats

PyTorch Lightning Targeted in PyPI Supply Chain Credential Heist

PyTorch Lightning hit by malicious PyPI packages stealing credentials learn how to protect your supply chain now from credential heists using secure package management practices today.

OSINTSights