
lightning PyPI Compromise: A Bun-Based Credential Stealer in Python

Blog post from Snyk

Post Details

Company: Snyk
Date Published:
Author: Stephen Thoemmes
Word Count: 2,752
Language: English
Summary

On April 30, 2026, two malicious versions of the popular PyPI package "lightning" (the deep learning framework previously known as pytorch-lightning) were released. Each contained hidden code that downloads and executes a credential-stealing payload via the Bun JavaScript runtime. The compromised versions, 2.6.2 and 2.6.3, were identified by the security company Snyk, which rated the threat as critical with a CVSS score of 9.3. This was a compromise of a legitimate package rather than a typosquat: the hidden payload harvests credentials and manipulates repositories while leaving the package's visible API unchanged, so the package keeps working normally and the compromise goes unnoticed for longer. The incident follows the same pattern as earlier attacks that used Bun-based payloads, which suggests the attackers are reusing tooling across ecosystems. PyPI has quarantined the affected project, and Snyk has published guidance on identifying and mitigating exposure. The incident underlines the need for stronger controls on package publishing, such as trusted-publisher bindings and manual approval of releases, to prevent similar supply chain attacks.