Stawinski: How We Executed a Critical Supply Chain Attack on PyTorch
Posted Jan 15, 2024 19:45 UTC (Mon) by ewen (subscriber, #4772)
Parent article: Stawinski: How We Executed a Critical Supply Chain Attack on PyTorch
The related December 2023 article, by another of the collaborators, linked from the article above, also has lots of good detail on the risks of persistent CI action runners that aren’t fully locked down:
https://adnanthekhan.com/2023/12/20/one-supply-chain-atta...
It also includes a list of several projects where they found problems, of which PyTorch was just the first in the list.
Ewen
