About Contact Privacy
Search
West Bengal Election 2026 West Bengal Election 2026 India India Tech Tech Entertainment Entertainment Sports Sports Business Business Health & Lifestyle Health & Lifestyle Travel Travel Education Education Finance Finance World World

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Business 01 May 2026
PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

PyTorch Lightning and Intercom-Client Hit in Devastating Supply Chain Attacks

In a shocking turn of events, researchers have uncovered a sophisticated supply chain attack that has compromised the integrity of two prominent open-source projects: PyTorch Lightning and Intercom-client. The malicious attack, which was released on April 30, has enabled the theft of sensitive credentials, leaving users vulnerable to potential data breaches.

According to experts, the malicious versions of PyTorch Lightning (2.6.2 and 2.6.3) contain a hidden payload that allows attackers to steal user credentials. This payload, which was cleverly disguised as a legitimate update, was uploaded to the PyPI (Python Package Index) repository, a trusted source for open-source packages.

The compromised packages were downloaded by thousands of users, who were unaware of the malicious code embedded within. As a result, the PyPI repository has been quarantined, and users are being forced to remediate their systems to prevent further damage.

The Intercom-client project, which was also affected by the supply chain attack, has issued a warning to its users, urging them to update to the latest version of the package. Intercom-client is a popular open-source library used for building customer communication platforms.

"This is a classic example of a supply chain attack, where malicious actors compromise a trusted third-party library to gain access to sensitive information," said a cybersecurity expert, who wished to remain anonymous. "The fact that this attack was able to go undetected for so long is a testament to the sophistication of the attackers."

The PyTorch Lightning team has issued a statement apologizing for the incident and assuring users that they are working closely with the PyPI team to rectify the situation. "We take the security of our users very seriously, and we are committed to ensuring that our packages are secure and trustworthy," said the team in a statement.

In light of this incident, users are advised to exercise extreme caution when downloading open-source packages from untrusted sources. It is essential to regularly update packages and monitor for any suspicious activity to prevent similar attacks in the future.

As the investigation into this incident continues, one thing is clear: the cybersecurity landscape is becoming increasingly complex, and users must be vigilant to protect themselves from these types of attacks.