PyTorch Poisoned in Software Supply Chain Attack

2 years ago thenewstack.io
Summary: This is a summary of an article originally published by The New Stack.

If you downloaded PyTorch-nightly on Linux via pip between Dec. 25, 2022, and Dec. 30, 2022, you’ve got trouble. Someone, we still don’t know who, uploaded a malicious package (https://pytorch.org/blog/compromised-nightly-dependency/) that hid under the real dependency name, torchtriton.

The good news is that this supply chain attack only hit the nightly builds.

You might wonder how this could happen since the malicious code wasn’t copied over the good version. The PyTorch Team explained, “Since the https://github.com/pypa/pip/issues/8606, this malicious package was being installed instead of the version from our official repository.
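A package from the public index can only be installed in place of the one from a project's own repository when pip is pointed at more than one index. As an added example (not from the original article or the PyTorch project), this sketch audits a requirements file for `--extra-index-url` and lists the requirements that carry no `--hash` pin, which pip could therefore satisfy from either index. The sample file, index URL and hash value are constructed placeholders, and `audit_requirements` is a hypothetical helper name.

```python
import re

# Constructed sample requirements file (index URL and hash are placeholders).
SAMPLE = """\
--extra-index-url https://packages.example.org/whl/nightly
torch==2.0.0.dev20221230   # version pin only
torchtriton
requests==2.28.1 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
"""

NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*")


def audit_requirements(text):
    """Return the extra indexes in use and the requirements exposed to them."""
    # Join backslash continuations so each requirement is one logical line.
    logical = re.sub(r"\\\r?\n", " ", text).splitlines()
    extra_indexes, exposed = [], []
    for raw in logical:
        # Drop comments; a '#' inside a URL is not preceded by whitespace.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line:
            continue
        m = re.match(r"--extra-index-url[=\s]+(\S+)", line)
        if m:
            extra_indexes.append(m.group(1))
            continue
        if line.startswith("-"):
            continue  # other pip options (-r, -i, --find-links, ...)
        name = NAME_RE.match(line)
        # A version pin alone does not say which index the file came from;
        # only a --hash pin ties the requirement to one specific artifact.
        if name and "--hash=" not in line:
            # Normalise the project name the way PEP 503 does.
            exposed.append(re.sub(r"[-_.]+", "-", name.group(0)).lower())
    # With a single index there is no second source to be confused with.
    return {"extra_indexes": extra_indexes,
            "exposed": exposed if extra_indexes else []}


if __name__ == "__main__":
    report = audit_requirements(SAMPLE)
    print("extra indexes:", report["extra_indexes"])
    print("no hash pin  :", report["exposed"])
```

Names reported as exposed are candidates for hash pinning or for being served through a single index that the team controls.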
