all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

PyTorch supply chain attack: Dependency confusion burns DevOps

Add to bookmarks
Jan. 4, 2023, 5 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news


A classic dependency confusion attack revealed itself last week. The PyTorch open source software supply chain was compromised by a hacker publishing a malicious torchtriton clone on PyPI.


The perp was pretending to be an ethical researcher. However, the alarm was raised by their efforts to obfuscate the malware and exfiltrate sensitive data. Not only that, but the stolen data could have been viewed in transit.


It’s proof, once again, that DevOps needs to get serious about mitigation. In …

alarm attack compromised data dependency dependency confusion devops hacker malicious malware open source open source software supply open source software supply chain publishing pypi pytorch researcher sensitive data software software supply chain stolen supply supply chain supply chain attack

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

HPE security advisory (AV24-232) an hour ago | malware.news
advisory article canadian canadian centre for cyber security +7
SonicWall security advisory (AV24-233) an hour ago | malware.news
advisory article canadian canadian centre for cyber security +7
Critical infrastructure cyberattacks pushed NSA to unmask thousands of U.S. identities through spying law an hour ago | malware.news
act critical critical infrastructure cyberattacks +14
Change Healthcare incident caused by compromised Citrix credentials 2 hours ago | malware.news
article ceo change change healthcare +15
Stolen Citrix Credentials Led to Change Ransomware Attack 2 hours ago | malware.news
access attack authentication ceo +23
AI, Okta, Chrome, Quantum, Kaiser Permanente, FTC, FCC, NCSC, Josh Marpet, and more. - SWN … 3 hours ago | malware.news
article chrome fcc ftc +9
Navigating the cybersecurity career maze 4 hours ago | malware.news
article career careers cyber +12
The Top 11 Legal Industry Cyber Attacks 4 hours ago | malware.news
addition attack attacks breach +13
Sophos named a Leader in the 2024 IDC MarketScape for Worldwide Managed Detection and Response … 5 hours ago | malware.news
and response article business capabilities +14

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineer - Vulnerability Management

@ Starling Bank | Southampton, England, United Kingdom
View on infosec-jobs.com

Manager Cybersecurity

@ Sia Partners | Rotterdam, Netherlands
View on infosec-jobs.com

Compliance Analyst

@ SiteMinder | Manila
View on infosec-jobs.com

Information System Security Engineer (ISSE)-Level 3, OS&CI Job #447

@ Allen Integrated Solutions | Chantilly, Virginia, United States
View on infosec-jobs.com

Enterprise Cyber Security Analyst – Advisory and Consulting

@ Ford Motor Company | Mexico City, MEX, Mexico
View on infosec-jobs.com
View more jobs