PyTorch admins warn of malicious 'torchtriton' dependency

Ruined Christmas for thousands of devs

clock • 2 min read
PyTorch admins warn of malicious 'torchtriton' dependency
Image:

PyTorch admins warn of malicious 'torchtriton' dependency

Package maintainers for open source framework PyTorch have said a malicious dependency imitating one of its own was available on a prominent code repository during the holiday season.

The dependency confusion attack included submitting a malicious version of the torchtriton dependency to the Python Package Index (PyPI), an online package repository for Python developers. The ...

To continue reading this article...

Join Computing

  • Unlimited access to real-time news, analysis and opinion from the technology industry
  • Receive important and breaking news in our daily newsletter
  • Be the first to hear about our events and awards programmes
  • Join live member only interviews with IT leaders at the ‘IT Lounge’; your chance to ask your burning tech questions and have them answered
  • Access to the Computing Delta hub providing market intelligence and research
  • Receive our members-only newsletter with exclusive opinion pieces from senior IT Leaders

Join now

 

Already a Computing member?

Login

You may also like
Over 380,000 web hosts affected by Polyfill attack

Threats and Risks

Follows Polyfill's acquisition by Chinese firm in February

clock 08 July 2024 • 3 min read
Voyager 1 back in action: NASA engineers fix 24-billion-km glitch

Chips and Components

Jiggled the code a bit to make it work

clock 24 April 2024 • 2 min read
Lazarus uploading malware to open-source PyPl software repository

Threats and Risks

Supply chain attack leaves developers in Asia at particular risk

clock 12 March 2024 • 3 min read

More on Threats and Risks

New threat group CRYSTALRAY seen using variety of off-the-shelf tools to steal credentials

New threat group CRYSTALRAY seen using variety of off-the-shelf tools to steal credentials

Sysdig researchers have been following the group since February

John Leonard
clock 11 July 2024 • 2 min read
Blast-RADIUS: Major vulnerability found in common protocol

Blast-RADIUS: Major vulnerability found in common protocol

Used everywhere, from home internet to VPNs

clock 11 July 2024 • 2 min read
Over 380,000 web hosts affected by Polyfill attack

Over 380,000 web hosts affected by Polyfill attack

Follows Polyfill's acquisition by Chinese firm in February

clock 08 July 2024 • 3 min read