Threat actors compromised PyTorch Lightning versions 2.6.2 and 2.6.3 on PyPI on April 30, 2026, deploying credential-stealing malware that executes automatically on import. Here is the most detailed technical breakdown of the attack chain, IOCs, and remediation steps.