If you installed PyTorch-nightly on Linux via pip between December 25, 2022 and December 30, 2022, please uninstall it and torchtriton immediately, and use the latest nightly binaries (newer than Dec 30th 2022). $ pip3 uninstall -y torch torchvision torchaudio torchtriton $ pip3 cache purge PyTorch-nightly Linux packages installed via pip during that time installed a dependency, torchtriton, which was compromised on the Python Package Index (PyPI) code repository and ran a malicious binary. This is what is known as a supply chain attack and directly affects dependencies for packages that are hosted on public package indices.

A malicious Python file found on the PyPI repo adds backdoor and data exfiltration features to what appears to be a legitimate SDK client from SentinelOne.

Malicious packages that download ransomware binaries written in Golang published today, with more expected in the coming hours.

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

This week, immensely popular PyPI package 'ctx' has been compromised and altered to steal environment variables from its users. Additionally, a forked PHP project 'phpass' also suffered a repo-hijacking attack with the project tained with identical malicious payload.

Software developers using GitLab CI are being targeted with malware through a typosquatting attack, putting downstream users at risk.

Software developers using GitLab CI are being targeted with malware through a typosquatting attack, putting downstream users at risk.

Rules for industries and governments aim to prevent all-out cyber breakdown.

Rules for industries and governments aim to prevent all-out cyber breakdown.