SITREP: Recent supply chain attacks have targeted the PyTorch Lightning package, resulting in the release of two malicious versions (2.6.2 and 2.6.3) designed for credential theft. These versions were published on April 30, 2026, and have been identified by multiple security firms.

TACTICAL ASSESSMENT: This incident highlights the ongoing vulnerability of software supply chains to cyber threats, which can lead to widespread credential compromise. The targeting of widely used packages like PyTorch Lightning indicates a strategic focus on high-impact software components.

PROJECTED VECTORS: Future attacks may exploit additional software packages or frameworks, increasing the risk of credential theft across various platforms.
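
A check for requirements or lock files that can resolve to the two versions named above, added here as an example (not code from the PyTorch Lightning project or the firms mentioned). It assumes the PyPI distribution names `lightning` and `pytorch-lightning`, models plain numeric versions only, and runs on a constructed sample file.

```python
import re

BAD_VERSIONS = ("2.6.2", "2.6.3")             # versions named on this page
WATCHED = {"lightning", "pytorch-lightning"}  # assumed PyPI distribution names
REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#]*)")
SPEC = re.compile(r"(===|==|~=|!=|<=|>=|<|>)\s*([0-9][0-9A-Za-z.*]*)")

def _key(version):  # numeric release segments only; pre/dev tags not modelled
    return tuple(int(p) for p in re.findall(r"\d+", version))

def _cmp(a, b):
    n = max(len(a), len(b))  # pad so that 2.6 compares equal to 2.6.0
    a, b = a + (0,) * (n - len(a)), b + (0,) * (n - len(b))
    return (a > b) - (a < b)

def admits(op, spec, version):  # does the clause "op spec" allow version?
    v = _key(version)
    if spec.endswith(".*"):  # prefix match, e.g. ==2.6.*
        hit = v[:len(_key(spec))] == _key(spec)
        return hit if op == "==" else not hit
    s, c = _key(spec), _cmp(v, _key(spec))
    if op == "~=":  # compatible release: >= spec with the same prefix
        return c >= 0 and v[:len(s) - 1] == s[:-1]
    return {"==": c == 0, "===": c == 0, "!=": c != 0, "<": c < 0,
            "<=": c <= 0, ">": c > 0, ">=": c >= 0}[op]

def exposed(requirements_text):
    """List (line_no, name, affected versions the line can resolve to)."""
    findings = []
    for no, line in enumerate(requirements_text.splitlines(), 1):
        m = REQ.match(line)
        if not m:
            continue  # comments, options (-r, --hash) and blank lines
        name = re.sub(r"[-_.]+", "-", m.group(1)).lower()  # PEP 503 name
        specs = SPEC.findall(m.group(2))
        hits = [v for v in BAD_VERSIONS
                if name in WATCHED and all(admits(o, s, v) for o, s in specs)]
        if hits:
            findings.append((no, name, hits))
    return findings

SAMPLE = """\
# constructed sample, not taken from any real project
lightning>=2.6,<3
pytorch_lightning==2.6.1
lightning[extra]~=2.6.0 ; python_version >= "3.9"
lightning-utilities==2.6.2
"""
print(exposed(SAMPLE))
```

Range specifiers such as `>=2.6,<3` are reported alongside exact pins because a resolver is free to select either affected version for them.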