Lightning

Python package Lightning was compromised on PyPI, with two malicious releases published on April 30, 2026. Security researchers said the code targeted developer credentials and could spread through package ecosystems.