Credential Theft via Supply Chain: PyTorch Lightning and Intercom-client Packages Compromised
Overview of Recent Supply Chain Attacks
In early 2026, the open-source ecosystem faced a pair of coordinated software supply chain attacks targeting widely-used Python packages. Threat actors successfully compromised the Lightning repository (formerly PyTorch Lightning) and the Intercom-client library, releasing malicious versions designed to harvest credentials from unsuspecting users. Security firms including Aikido Security, OX Security, Socket, and StepSecurity reported the incidents, highlighting the growing sophistication of attackers who exploit trust in popular packages.
Attack on PyTorch Lightning (Lightning)
The well-known machine learning framework Lightning became a vector for credential theft after malicious versions 2.6.2 and 2.6.3 were published on April 30, 2026. According to researchers, the attackers gained access to the maintainers' PyPI account, possibly through a leaked API token or a compromised CI/CD pipeline. The tainted releases were downloaded by hundreds of users before being pulled.
Malicious Payload Analysis
Upon installation, the rogue packages executed a background script that connected to a remote command-and-control server. The payload specifically targeted environment variables, SSH keys, and cloud provider tokens stored in the system. Additionally, it intercepted any credentials typed during interactive sessions. Once collected, the data was exfiltrated via encrypted HTTP POST requests.
Impact and Detection
Organizations using Lightning for AI/ML workflows were urged to check their installation logs for versions 2.6.2 and 2.6.3. The malicious code was only active in those two versions; versions before and after (2.6.1 and 2.6.4) are considered clean. Security tools like Socket and StepSecurity have released signatures to detect the compromise.
Simultaneous Breach of Intercom-client
Almost concurrently, another Python package — Intercom-client, an official library for integrating with the Intercom customer messaging platform — suffered a similar fate. The attackers released versions 1.4.5 and 1.4.6 containing obfuscated code that collected OAuth tokens and API keys when users invoked library functions.
Credential Harvesting Mechanism
Unlike the Lightning attack, which used a payload in setup scripts, the Intercom-client compromise hid the harmful logic within the main module's __init__.py. The code activated only when the package was imported and a connection to Intercom was initialized. It then silently recorded authentication details and sent them to a hard-coded endpoint that mimicked a legitimate API endpoint.
Common Attack Vector: Dependencies and Pip
Both incidents share a common pattern: attackers compromise the maintainer's direct access to PyPI, then inject malicious code into otherwise legitimate updates. These attacks underline the risk of dependency confusion and the need for multi-factor authentication on package managers. The community is now pushing for mandatory use of API tokens with short expiration windows and verification of package checksums before installation.
Mitigation Steps for Developers
To protect against similar supply chain threats, security experts recommend the following precautions:
- Pin exact versions in requirements.txt or pyproject.toml, and review updates manually.
- Use digital signatures — verify that the package hash matches the one published on the index.
- Monitor your environment for unexpected outbound connections or credential leaks.
- Rotate compromised credentials immediately if you have installed any of the malicious versions.
- Implement CI/CD scanning with tools like Socket, Dependabot, or GitHub's supply chain security features.
For a deeper dive into detection, refer to the analysis reports by Aikido Security and OX Security.
Response from Package Maintainers
Both the Lightning AI team and the Intercom-client maintainers released patches within 24 hours. The malicious versions were removed from PyPI, and the maintainers reset all access keys. They also published postmortems explaining how the breach occurred and what steps were taken to prevent recurrence. Users are strongly advised to upgrade to the latest stable versions immediately.
Conclusion
The simultaneous compromise of Lightning and Intercom-client illustrates that even trusted open-source projects can be weaponized for credential theft. Developers must adopt a zero-trust approach to dependencies, continuously audit their supply chain, and stay informed about emerging threats. As the attack surface grows, collective vigilance remains the best defense.
Related Articles
- When AI Turns the Table: The New Dangers of Automated Boring Stuff
- Hacks Season 5 Episode Delivers Fan-Fiction Romance—But It’s All a Fictional Mirage
- Anthropic's Claude Mythos: The New Frontier in AI-Driven Cybersecurity Threats and Defenses
- 10 Critical Facts About the Microsoft Exchange Zero-Day Vulnerability Exploited in Attacks
- Critical Flaw in Linux Kernel's AEAD Sockets: Arbitrary Page Cache Writes Expose Systems to Attack
- New Cybercrime Syndicates Unleash Fast-Paced Vishing and SSO Attacks Against SaaS Platforms
- Benchmarking Mythos: A Powerful Tool for Code Audits but Lacking in Exploit Validation
- 10 Critical Facts About Windows 11's April Update Breaking Backup Software