PyTorch discloses malicious dependency chain compromise over holidays
PyTorch has identified a malicious dependency with the same name as the framework's 'torchtriton' library. This has led to a successful compromise via the dependency confusion attack vector. PyTorch admins are warning users who installed PyTorch-nightly over the holidays to uninstall the framework and the counterfeit 'torchtriton' dependency. From computer vision to natural language processing, the open source machine learning framework PyTorch has gained prominence in both commercial and academic realms. Users who installed PyTorch-nightly between December 25th and December 30th, 2022, should ensure their systems were not compromised, the PyTorch team has warned.
Jan-1-2023, 16:18:34 GMT