PyTorch supply chain attack: Dependency confusion burns DevOps - ReversingLabs

Flaming security posture: A classic dependency confusion attack revealed itself last week. The PyTorch open source software supply chain was compromised by a hacker publishing a malicious torchtriton clone on PyPI.

3/ It’s proof, once again, that #DevOps needs to get serious about mitigation.

In this week’s #SSBlogwatch we have nothing to lose but our chains.

For @ReversingLabs’ @SecuredSoftware: https://t.co/AJixr4a3zJ

— @Richi 🤓 Jennings (@RiCHi) January 4, 2023