all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Exploiting a critical supply chain attack on PyTorch - discovery, exploitation, and submission process

Add to bookmarks
Jan. 11, 2024, 5:56 p.m. | /u/IrohsLotusTile

cybersecurity www.reddit.com

Four months ago, I exploited a critical CI/CD vulnerability in PyTorch, one of the world’s leading ML platforms. Used by titans like Google, Meta, Boeing, and Lockheed Martin, PyTorch is a major target for hackers and nation-states alike.
The details around discovery and exploitation are pretty long, but I released a full walkthrough here: https://johnstawinski.com/2024/01/11/playing-with-fire-how-we-executed-a-critical-supply-chain-attack-on-pytorch/.

Hopefully attacks like these can convince the greater security community to take CI/CD and supply chain security seriously - in my experience, this is a …

attack attacks boeing critical cybersecurity discovery exploitation exploited exploiting google hackers lockheed lockheed martin major meta nation nation-states platforms process pytorch states submission supply supply chain supply chain attack target vulnerability world

Visit resource

More from www.reddit.com / cybersecurity

Adopting Pentesting into an SDLC 2 hours ago | www.reddit.com
apps bank bosses clients +9
CrushFTP vulnerability CVE-2024-4040: what you need to know 9 hours ago | www.reddit.com
crushftp cve cve-2024 cve-2024-4040 +2
Internal Data Breach at J.P. Morgan Impacts Over 450,000 Individuals 16 hours ago | www.reddit.com
breach cybersecurity data data breach +2
'Admin' and '12345' banned from being used as passwords in UK crackdown on cyber attacks 16 hours ago | www.reddit.com
admin attacks banned crackdown +4
Holding Pentester accountable for bad files on endpoint 19 hours ago | www.reddit.com
attention bad cybersecurity endpoint +10
Okta warns of "unprecedented" credential stuffing attacks on customers 19 hours ago | www.reddit.com
attacks credential credential stuffing credential stuffing attacks +4
US Post Office phishing sites get as much traffic as the real one 19 hours ago | www.reddit.com
cybersecurity office phishing post office +2
Reuters: Telegram says Ukrainian government chatbots mistakenly blocked 19 hours ago | www.reddit.com
blocked chatbots cybersecurity government +3
What is are the MINIMUM cyber security practices you'd like to see in an organization 20 hours ago | www.reddit.com
business consulting cyber cyber security +10

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Security Architect - Identity and Access Management Architect (80-100% | Hybrid option)

@ Swiss Re | Madrid, M, ES
View on infosec-jobs.com

Alternant - Consultant HSE (F-H-X)

@ Bureau Veritas Group | MULHOUSE, Grand Est, FR
View on infosec-jobs.com

Senior Risk/Cyber Security Analyst

@ Baker Hughes | IN-KA-BANGALORE-NEON BUILDING WEST TOWER
View on infosec-jobs.com

Offensive Security Engineer (University Grad)

@ Meta | Bellevue, WA | Menlo Park, CA | Seattle, WA | Washington, DC | New York City
View on infosec-jobs.com

Senior IAM Security Engineer

@ Norfolk Southern | Atlanta, GA, US, 30308
View on infosec-jobs.com
View more jobs