PyTorch Lightning and Intercom packages hit by credential-stealing supply chain attack

A new supply chain attack has hit the Python, npm, and PHP package ecosystems, with malicious versions of Lightning and Intercom packages used to steal developer credentials and spread through repositories. The main affected Lightning versions are 2.6.2 and 2.6.3, which were pushed to PyPI on April 30, 2026. The project’s advisory says these versions […] The post PyTorch Lightning and Intercom packages hit by credential-stealing supply chain attack appeared first on VPN Central.