Episode 413 - PyTorch and NPM get attacked, but it's OK

Josh and Kurt talk about an attack against PyTorch and NPM. The PyTorch attack shows the difficulty of trying to operate a large open source project. The NPM problem is one of the difficulty in trying to backdoor open source. A lot of people are watching and it only takes one person to notice a problem and we all benefit. Show Notes Peanut Butter the dog plays Gyromite The Wizard movie PyTorch supply chain attack npm Package Found Delivering Sophisticated RAT Deceptive Deprecation: The Truth About npm Deprecated Packages Changing a lightbulb Spelunking the Bitcoin Blockchain with Josh Bressers | CypherCon 4.0 Operation Triangulation - What You Get When Attack iPhones of Researchers 9th Annual State of the Software Supply Chain

NOW PLAYING

0:00 35:19

1×

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Share this episode

Similar Episodes

58 ~ The end of an era, goodbye Held 🧚🏻‍♀️ 🐍 🐎

Feb 18, 2026 ·26m

Episode 5 – AI-AI-Oh…

Jul 24, 2025 ·73m

Episode 4 – Our BSides A-game

Nov 3, 2024 ·52m

Episode 3 – Artificial Red No.3

Sep 26, 2024 ·67m

Episode 2 – On Ground at DEF CON 32

Sep 16, 2024 ·139m

Episode 1 – Naima & Nathan

Aug 14, 2024 ·76m

Similar Podcasts

Technado (Archived) ACI Learning The Technado crew covers a whirlwind of tech topics each week from interviews with industry experts and up-and-coming companies to commentary on topics like security, vendor certifications, networking, and just about anything IT related. Explicit TCAST: The Future of Data & AI TARTLE The Data Intelligence Podcast (TCAST) explores the intersection of AI, data privacy, and ethical technology. Join Alexander McCaig and Jason Rigby as they decode the future of data ownership, artificial intelligence, and digital privacy with industry leaders, researchers, and innovators.Each episode delivers actionable insights on:AI and machine learning developmentsData privacy and ownership strategiesEthical technology implementationReal-world applications of data intelligenceFuture trends in digital identity and data marketplacesPerfect for tech leaders, data scientists, privacy advocates, and forward-thinking professionals looking to understand and shape the future of data and AI.Presented by TARTLE, pioneers in ethical data exchange and AI enhancement. New episodes every week.The show is hosted by Co-Founder and Source Data Pioneer Alexander McCaig and Head of Conscious Marketing Jason Rigby.What's your data worth? Find out at (https://tartle.co/)Watch the podcast on Yo Explicit Techlore Surveillance Report Techlore Techlore Surveillance Report is your weekly deep-dive into the privacy and security news that matters for your digital freedom. Hosted by Henry Fisher, founder of Techlore and long-time digital rights educator, each episode cuts through the noise to bring you carefully selected stories with the context, analysis, and historical perspective you need to truly understand what's happening to protect yourself (and others!) in the digital space.Topics covered include:• Privacy tool updates and vulnerabilities• Data breaches and cybersecurity incidents• Surveillance technology and government overreach• Big Tech privacy policies and practices• Encryption and security standards• Digital rights legislation and court cases• Open-source software developments• Corporate data practices and accountabilityWhether you're a beginner trying to stay informed or a seasoned expert tracking the ecosystem, Surveillance Report has Explicit BellingChat Bellingcat Join the Bellingcat team as they discuss their latest work for Bellingcat, open source investigation, and their takes on recent news stories. For more information on BellingChat and our investigations please visit www.bellingcat.comTo support our work and to access exclusive content please donate via www.patreon.com/bellingcat Explicit

Frequently Asked Questions

How long is this episode of Open Source Security?

This episode is 35 minutes long.

When was this Open Source Security episode published?

This episode was published on January 29, 2024.

What is this episode about?

Can I download this Open Source Security episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.

URL copied to clipboard!