Severity: high · Category: Supply chain

AGS-2026-0003

PyTorch Lightning malicious versions 2.6.2 and 2.6.3 (April 30, 2026)

What happened

Malicious releases pytorch-lightning==2.6.2 and 2.6.3 were published to PyPI on April 30, 2026, attributed to TeamPCP. The payload encrypts harvested credentials and exfiltrates them to a remote collector.

PyPI administrators quarantined the project and later removed the malicious versions, but anyone who installed them in the window between publication and quarantine should consider their environment compromised.

Indicators

  • pytorch-lightning resolved to 2.6.2 or 2.6.3 in any pip freeze between April 30 and May 1.
  • Outbound HTTPS POST containing AES-encrypted payload to a TeamPCP collector.

Self-check

AgentGuard subscribers receive this advisory automatically and their local guard runs the inspection below.
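As an added example (not AgentGuard's guard or its inspection, and not code from the advisory), the following stand-alone Python check covers the first indicator: it scans pip freeze output for the affected versions, normalizing the project name per PEP 503 so spellings such as pytorch_lightning or PyTorch-Lightning are matched too, and also asks the running interpreter what it has installed. The sample freeze text is constructed.

```python
"""Scan pip freeze output for the malicious pytorch-lightning releases."""
import re
from importlib import metadata

# Versions named in advisory AGS-2026-0003.
MALICIOUS_VERSIONS = {"2.6.2", "2.6.3"}
AFFECTED_PROJECT = "pytorch-lightning"
PIN_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==([^\s;]+)")


def normalize_name(name: str) -> str:
    """PEP 503 normalization: runs of '-', '_', '.' collapse to '-', lowercase."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_freeze(text: str) -> dict[str, str]:
    """Map normalized name -> version for 'name==version' lines; skip the rest."""
    pins = {}
    for line in text.splitlines():
        m = PIN_RE.match(line.strip())  # editable/VCS lines and comments: no match
        if m:
            pins[normalize_name(m.group(1))] = m.group(2)
    return pins


def find_malicious(text: str) -> list[tuple[str, str]]:
    """(name, version) pairs in the freeze that match the advisory indicator."""
    return [(n, v) for n, v in parse_freeze(text).items()
            if n == AFFECTED_PROJECT and v in MALICIOUS_VERSIONS]


def installed_is_malicious() -> bool:
    """True if the interpreter running this script has a malicious release."""
    try:
        return metadata.version(AFFECTED_PROJECT) in MALICIOUS_VERSIONS
    except metadata.PackageNotFoundError:
        return False


# Constructed sample freeze output (not from any real environment).
SAMPLE_FREEZE = """\
numpy==1.26.4
PyTorch_Lightning==2.6.2
torch==2.3.0
-e git+https://example.invalid/repo.git#egg=local
tomli==2.0.1 ; python_version < "3.11"
"""

if __name__ == "__main__":
    for name, version in find_malicious(SAMPLE_FREEZE):
        print(f"ALERT: {name}=={version} matches AGS-2026-0003")
    if installed_is_malicious():
        print("ALERT: this interpreter has a malicious pytorch-lightning installed")
```

To check a real environment, pipe `pip freeze` output into find_malicious instead of SAMPLE_FREEZE.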

References