TL;DR: The short version: malicious code with deliberate Dune-universe naming conventions was found embedded in packages targeting the PyTorch Lightning ecosystem. This isn't a typosquat of some obscure utility — PyTorch Lightning is a framework that thousands of ML teams use to struct 📖 Reading time: ~24 min What's in this article If You're Running PyTorch Lightning in a Training Pipeline, Read This First What Was Actually Found Check Your Environment Right Now How the Attack Vector Works in ML Environments Specifically Immediate Mitigation Steps Hardening Your ML Dependency Pipeline Going Forward The Broader PyTorch Ecosystem Risk Surface If You're Running PyTorch Lightning in a Training Pipeline, Read This First The short version: malicious code with deliberate Dune-universe naming conventions was found embedded in packages targeting the PyTorch Lightning ecosystem.…