Discover Hacks/Cracks News
PyTorch: Machine Learning toolkit pwned from Christmas to New Year
PyTorch is one of the most popular and widely-used machine learning toolkits out there. Originally developed and released as an open-source project by Facebook, now Meta, the software was handed over to the Linux Foundation in late 2022, which now runs it under the aegis of the PyTorch Foundation.
Unfortunately, the project was compromised by means of a supply-chain attack during the holiday season at the end of 2022, between Christmas Day [2022-12-25] and the day before New Year’s Eve [2022-12-30].
The attackers malevolently created a Python package called
torchtriton on PyPI, the popular Python Package Index repository.