The developer behind a leading open source machine learning framework has warned that a malicious dependency mimicking one of its own was available on a leading code repository over the Christmas period. The malicious package, “torchtriton,” had the same name as a legitimate PyTorch dependency, but featured code that uploaded sensitive data from a victim’s machine, PyTorch explained.

Read full article on Infosecurity