Malware in PyTorch Lightning dependency tree harvested credentials from CI

Published: 14 May 2026
on channel: Dry Tech

A malicious package embedded in PyTorch Lightning's transitive dependencies executed on install and exfiltrated environment variables and credentials. The attack used dependency confusion or typosquatting to inject code that ran at pip install time, before anything was imported, targeting cloud credentials, API keys, and service tokens in ML training environments.

If your CI ran PyTorch Lightning builds recently, rotate any credentials that were accessible at build time and audit CloudTrail logs for suspicious activity.

The attack highlights a structural weakness in Python packaging: no mandatory code signing, no verified publisher model, and the assumption that pip install is safe. PyTorch Lightning's large install base (millions of monthly downloads) and extensive optional dependency tree made it an attractive target. This is not a PyTorch Lightning code vulnerability; it is a supply chain compromise of a dependency, which means auditing your direct requirements.txt is insufficient: you need visibility into the full resolved dependency tree. Semgrep's security team discovered and reported the malware.
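The two defensive points above, seeing the full resolved tree rather than only requirements.txt and knowing which packages can run code at install time, can both be checked from pip's own installation report. The script below is an added example written for this summary; it is not code from Semgrep, PyTorch Lightning or the video. It assumes the JSON shape produced by `pip install --dry-run --report <file>` (an `install` list whose entries carry `metadata`, `requested` and `download_info`), and the embedded report is a constructed sample with placeholder package names, URLs and hashes rather than real artefacts. It lists every transitive (non-requested) package, flags packages outside an allowlist, and flags source distributions, since an sdist can execute `setup.py` during installation while a wheel is only unpacked.

```python
"""Audit a pip installation report for supply-chain visibility.

Added example, not from the original page. Assumes the JSON layout of
`pip install --dry-run --report report.json -r requirements.txt`.
"""
import json
import re
from urllib.parse import urlparse

# Constructed sample in the shape of pip's installation report.
# Names, URLs and hashes are placeholders, not real packages or artefacts.
SAMPLE_REPORT = json.dumps({
    "version": "1",
    "install": [
        {
            "metadata": {"name": "pytorch-lightning", "version": "0.0.0"},
            "requested": True,  # listed directly in requirements.txt
            "download_info": {
                "url": "https://files.example.invalid/pytorch_lightning-0.0.0-py3-none-any.whl",
                "archive_info": {"hash": "sha256=PLACEHOLDER"},
            },
        },
        {
            "metadata": {"name": "torch", "version": "0.0.0"},
            "requested": False,  # pulled in transitively
            "download_info": {
                "url": "https://files.example.invalid/torch-0.0.0-cp311-cp311-manylinux_2_17_x86_64.whl",
                "archive_info": {"hash": "sha256=PLACEHOLDER"},
            },
        },
        {
            # Placeholder for a transitive dependency nobody reviewed, shipped as an sdist.
            "metadata": {"name": "placeholder-unexpected-dep", "version": "9.9.9"},
            "requested": False,
            "download_info": {
                "url": "https://files.example.invalid/placeholder_unexpected_dep-9.9.9.tar.gz",
                "archive_info": {"hash": "sha256=PLACEHOLDER"},
            },
        },
    ],
})

# Archive types that pip builds from source, i.e. that may run setup.py on install.
SDIST_SUFFIXES = (".tar.gz", ".zip", ".tar.bz2")


def normalize(name):
    """PEP 503 name normalisation so PyTorch_Lightning == pytorch-lightning."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_report(text):
    """Return one record per package pip resolved, with the fields we audit."""
    report = json.loads(text)
    items = []
    for entry in report.get("install", []):
        meta = entry["metadata"]
        url = entry.get("download_info", {}).get("url", "")
        filename = urlparse(url).path.rsplit("/", 1)[-1]
        items.append({
            "name": normalize(meta["name"]),
            "version": meta["version"],
            "requested": bool(entry.get("requested", False)),
            "is_sdist": filename.endswith(SDIST_SUFFIXES),
            "filename": filename,
        })
    return items


def transitive_packages(items):
    """Packages that reach the build without appearing in requirements.txt."""
    return sorted(i["name"] for i in items if not i["requested"])


def audit(items, allowlist):
    """Flag packages outside the reviewed allowlist and packages installed from source."""
    allowed = {normalize(n) for n in allowlist}
    findings = {"unexpected": [], "sdist": []}
    for i in items:
        if i["name"] not in allowed:
            findings["unexpected"].append(i["name"])
        if i["is_sdist"]:
            findings["sdist"].append(i["name"])
    return findings


if __name__ == "__main__":
    resolved = parse_report(SAMPLE_REPORT)
    print("transitive:", transitive_packages(resolved))
    print("findings:", audit(resolved, ["pytorch-lightning", "torch"]))
```

In a real pipeline, generate the report with `pip install --dry-run --report report.json -r requirements.txt`, feed it to `parse_report`, and fail the build on any `unexpected` or `sdist` finding; combining that with `--only-binary=:all:` and a hash-pinned lockfile installed via `--require-hashes` removes install-time code execution from the resolver step entirely.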

https://semgrep.dev/blog/2026/malicio...