Welcome to another Afternoon Dessert breakout:
PyTorch Machine Learning Framework Compromised with Malicious Dependency
The maintainers of the PyTorch package have warned users who have installed the nightly builds of the library between December 25, 2022, and December 30, 2022, to uninstall and download the latest versions following a dependency confusion attack.
“PyTorch-nightly Linux packages installed via pip during that time installed a dependency, torchtriton, which was compromised on the Python Package
RedZei Chinese Scammers Targeting Chinese Students in the U.K.
Chinese international students in the U.K. have been targeted by persistent Chinese-speaking scammers for over a year as part of an activity dubbed RedZei (aka RedThief).
“The RedZei fraudsters have chosen their targets carefully, researched them and realized it was a rich victim group that is ripe for exploitation,” cybersecurity researcher Will Thomas (@BushidoToken) said in a write-up
Follow for more…