PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials
Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and forced remediation.
More info