Compromised PyTorch-nightly dependency chain between December 25th and December 30th, 2022.

Steals all your SSH keys!

"If you installed PyTorch-nightly on Linux via pip between December 25, 2022 and December 30, 2022, please uninstall it and torchtriton immediately, and use the latest nightly binaries (newer than Dec 30th 2022)."

#infosec #machinelearning #deeplearning

https://pytorch.org/blog/compromised-nightly-dependency/

https://news.ycombinator.com/item?id=34202836


@alx yeah you should bubblewrap/firejail your stuff..

Really need better packaging systems that also state what files/etc they need so they can be limited to that. (Or at least attempted to be limited to that...)
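
An added example, not part of the thread or of PyTorch's advisory: a check for whether a Python environment holds a `torchtriton` install whose metadata was written inside the window quoted in the first post. It assumes the mtime of the package's `METADATA` file approximates install time and that the window is evaluated in UTC; `find_suspect_installs` is a name chosen for this sketch.

```python
"""Flag torchtriton installs whose metadata was written inside the advisory window."""
import sys
import sysconfig
from datetime import datetime, timezone
from pathlib import Path

# Window from the quoted advisory, both dates inclusive (UTC is an assumption).
WINDOW_START = datetime(2022, 12, 25, tzinfo=timezone.utc)
WINDOW_END = datetime(2022, 12, 31, tzinfo=timezone.utc)  # exclusive upper bound
SUSPECT = "torchtriton"  # package named in the advisory


def find_suspect_installs(site_dirs):
    """Return (dist-info path, install time, in_window) for each torchtriton install."""
    hits = []
    for site in map(Path, site_dirs):
        if not site.is_dir():
            continue
        for info in site.glob("*.dist-info"):
            # dist-info directories are named <name>-<version>.dist-info
            name = info.name[: -len(".dist-info")].rsplit("-", 1)[0]
            if name.lower().replace("_", "-") != SUSPECT:
                continue
            # Assumption: METADATA is written at install time, so its mtime
            # approximates the install date. Copying or restoring an
            # environment resets it, so treat the result as a heuristic.
            marker = info / "METADATA"
            stamp = (marker if marker.exists() else info).stat().st_mtime
            when = datetime.fromtimestamp(stamp, tz=timezone.utc)
            hits.append((info, when, WINDOW_START <= when < WINDOW_END))
    return hits


if __name__ == "__main__":
    paths = sysconfig.get_paths()
    dirs = sys.argv[1:] or [paths["purelib"], paths["platlib"]]
    results = find_suspect_installs(dict.fromkeys(dirs))  # de-duplicated, order kept
    for path, when, in_window in results:
        verdict = "INSIDE advisory window" if in_window else "outside advisory window"
        print(f"{path}  installed {when:%Y-%m-%d %H:%M} UTC  ({verdict})")
    if not results:
        print("no torchtriton distribution found")
    sys.exit(1 if any(hit[2] for hit in results) else 0)
```

Run it with the interpreter of each virtualenv or conda environment to be checked, or pass site-packages directories as arguments; the exit status is 1 when an install falls inside the window.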