A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...
Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
A single line of Python code was all it took. Developers who ran import lightning after installing versions 2.6.2 or 2.6.3 of ...
This was not a case of stolen credentials, but rather of vulnerability exploitation.
Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...