Neowin

Python developers, uninstall this malicious package right now

Python developers who spent some time coding over the holiday break may want to check out an advisory regarding a malicious PyTorch package that was being fetched from PyPI last week. If you're a ...
Bleeping Computer

PyTorch discloses malicious dependency chain compromise over holidays

PyTorch has identified a malicious dependency with the same name as the framework's 'torchtriton' library. This has led to a successful compromise via the dependency confusion attack vector. PyTorch ...