PyTorch suffers supply chain attack via dependency confusion

Read Time:33 Second

Users who deployed the nightly builds of PyTorch between Christmas and New Year’s Eve likely received a rogue package as part of the installation that siphoned off sensitive data from their systems. The incident was the result of an attack called dependency confusion that continues to impact package managers and development environments if hardening steps are not taken.

“If you installed PyTorch nightly on Linux via pip between December 25, 2022, and December 30, 2022, please uninstall it and torchtriton immediately, and use the latest nightly binaries (newer than December 30, 2022),” the PyTorch maintainers said in a security advisory.

To read this article in full, please click here

Upcoming Speaking Engagements

Major WordPress Plugin Flaw Exploited in Under 4 Hours

Prodaft Offers “No Judgment” Deal to Buy Dark Web Accounts from Cybercrime Forum Users

New Malware ResolverRAT Targets Healthcare and Pharma Sectors

US Blocks Foreign Governments from Acquiring Citizen Data

China Sort of Admits to Being Behind Volt Typhoon

Digital Certificate Lifespans to Fall to 47 Days by 2029

AI Hallucinations Create “Slopsquatting” Supply Chain Threat

Medusa ransomware gang claims to have hacked NASCAR