Attackers have compromised the popular Python package *Lightning* (widely known as PyTorch Lightning) and published two malicious releases to the Python Package Index (PyPI), according to multiple security teams. The affected versions are **2.6.2** and **2.6.3**, both published on April 30, 2026, and PyPI administrators have since quarantined the project.

### What happened

Security researchers report the malicious package included a hidden `_runtime` directory that downloads additional components and runs an obfuscated JavaScript payload. The execution is designed to trigger automatically when the `lightning` module is imported, meaning normal developer workflows (install + import) could be enough to activate the malware.

### What the malware tries to do

The observed behavior includes broad credential harvesting (including GitHub tokens). Researchers say the malware validates GitHub tokens and then attempts to propagate by injecting commits across repositories the token can write to, using a hardcoded author identity meant to impersonate “Claude Code.” It also reportedly modifies local npm packages to add a malicious `postinstall` hook, increasing the risk of downstream spread if developers publish tampered packages.

### Who is at risk

Teams running ML training code, CI pipelines, or any development environment that installed **Lightning 2.6.2/2.6.3** could be exposed—especially where secrets are present (CI credentials, cloud keys, repo tokens).

### What to do now

- **Block and uninstall** Lightning versions 2.6.2 and 2.6.3: block them at your package index or proxy, and remove them from every workstation, CI runner, and container image that pulled them.

- **Pin** the last known clean version (**2.6.1**) in requirements files and lockfiles until a verified clean release is available.

- **Rotate credentials** that were reachable from affected machines/CI runners (GitHub tokens, CI secrets, cloud creds). Treat them as compromised rather than merely exposed; rotation stops further abuse but does not undo commits already pushed with a stolen token.

- **Audit repos** for unexpected commits or branch modifications (the reported injected commits carry an author identity impersonating “Claude Code”), check local npm packages for a `postinstall` hook you did not add, and investigate affected hosts for persistence.
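The triage steps above, as an added example (not code from the original article or from the Lightning project). It checks `pip freeze` output for the affected pins, looks for the reported `_runtime` directory inside an installed `lightning` package, flags git commits whose author looks like the impersonating identity, and surfaces `postinstall` hooks in a `package.json`. The exact layout of the malicious directory, the exact impersonating author string (the page only says it mimics “Claude Code”), and the `git log` / `pip freeze` formats used as input are assumptions; all sample inputs are constructed.

```python
"""Triage helpers for the Lightning 2.6.2/2.6.3 compromise.

Added example, not the article's or the project's code. Assumptions (not from
the page): the on-disk location of `_runtime`, the exact impersonating author
string, and the input formats shown in the docstrings below.
"""
import json
import os
import tempfile
from typing import Iterable, List, Optional, Tuple

# Versions named as malicious in the advisory; 2.6.1 is the last clean release.
AFFECTED_VERSIONS = {"2.6.2", "2.6.3"}
LAST_CLEAN_VERSION = "2.6.1"


def affected_pins(freeze_lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (name, version) pairs from `pip freeze` output that pin an
    affected `lightning` release."""
    hits = []
    for line in freeze_lines:
        line = line.strip()
        if line.startswith("#") or "==" not in line:
            continue
        name, _, version = line.partition("==")
        if name.strip().lower() == "lightning" and version.strip() in AFFECTED_VERSIONS:
            hits.append((name.strip().lower(), version.strip()))
    return hits


def find_runtime_dirs(site_packages: str) -> List[str]:
    """Walk the installed `lightning` package and return every `_runtime`
    directory found (assumption: it lives somewhere under the package tree)."""
    pkg_root = os.path.join(site_packages, "lightning")
    found = []
    for dirpath, dirnames, _files in os.walk(pkg_root):
        if "_runtime" in dirnames:
            found.append(os.path.join(dirpath, "_runtime"))
    return found


def suspicious_commits(log_lines: Iterable[str], needle: str = "claude code") -> List[str]:
    """Parse `git log --format='%H%x09%an%x09%ae%x09%s'` output and return the
    hashes of commits whose author name or e-mail contains `needle`.
    The substring match is an assumption; every hit still needs a human look."""
    hits = []
    for line in log_lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) < 4:
            continue
        sha, author, email, _subject = parts[:4]
        if needle in author.lower() or needle in email.lower():
            hits.append(sha)
    return hits


def postinstall_hook(package_json_text: str) -> Optional[str]:
    """Return the `scripts.postinstall` command of a package.json, or None.
    The advisory says the malware adds such a hook to local npm packages, so
    any postinstall you did not write deserves review."""
    data = json.loads(package_json_text)
    scripts = data.get("scripts") or {}
    value = scripts.get("postinstall")
    return value if isinstance(value, str) else None


def build_sample_site_packages() -> str:
    """Constructed fixture: a fake site-packages whose `lightning` package
    contains a `_runtime` directory, so find_runtime_dirs can run offline."""
    root = tempfile.mkdtemp(prefix="fake-site-packages-")
    os.makedirs(os.path.join(root, "lightning", "_runtime"))
    os.makedirs(os.path.join(root, "lightning", "pytorch"))
    open(os.path.join(root, "lightning", "__init__.py"), "w").close()
    return root


# Constructed sample inputs (not real captures).
SAMPLE_FREEZE = ["numpy==1.26.4", "lightning==2.6.3", "torch==2.5.1"]
SAMPLE_GIT_LOG = [
    "a1b2c3\tAlice Dev\talice@example.com\tFix dataloader",
    "d4e5f6\tClaude Code\tnoreply@example.invalid\tUpdate tooling",
]
SAMPLE_PACKAGE_JSON = '{"name": "demo", "scripts": {"postinstall": "node ./setup-hook.js"}}'

if __name__ == "__main__":
    print("affected pins:", affected_pins(SAMPLE_FREEZE))
    print("_runtime dirs:", find_runtime_dirs(build_sample_site_packages()))
    print("suspicious commits:", suspicious_commits(SAMPLE_GIT_LOG))
    print("postinstall hook:", postinstall_hook(SAMPLE_PACKAGE_JSON))
```

In practice, feed `affected_pins` the output of `pip freeze` from each runner image, point `find_runtime_dirs` at the interpreter's real site-packages, and run `suspicious_commits` over `git log --all` for every repository a rotated token could write to; a clean result from these checks does not prove a host was never compromised, so credential rotation still applies.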