PyTorch suffers supply chain attack via dependency confusion

Read Time:33 Second

Users who deployed the nightly builds of PyTorch between Christmas and New Year’s Eve likely received a rogue package as part of the installation that siphoned off sensitive data from their systems. The incident was the result of an attack called dependency confusion that continues to impact package managers and development environments if hardening steps are not taken.

“If you installed PyTorch nightly on Linux via pip between December 25, 2022, and December 30, 2022, please uninstall it and torchtriton immediately, and use the latest nightly binaries (newer than December 30, 2022),” the PyTorch maintainers said in a security advisory.

To read this article in full, please click here

WP Ultimate CSV Importer Flaws Expose 20,000 Websites to Attacks

The AI Fix #44: AI-generated malware, and a stunning AI breakthrough

Ukraine Blames Russia for Railway Hack, Labels It “Act of Terrorism”

New Phishing Attack Combines Vishing and DLL Sideloading Techniques

Google to Switch on E2EE for All Gmail Users

Cybercriminals Expand Use of Lookalike Domains in Email Attacks

Cell Phone OPSEC for Border Crossings

Hackers exploit little-known WordPress MU-plugins feature to hide malware

Cyber Security and Resilience Bill Will Apply to 1000 UK Firms