Dependency Confusion: How Hackers Infiltrate Internal Tools
Understanding Dependency Confusion attacks where public packages override private internal libraries. How to secure requirements.txt.
6 docs tagged with "supply-chain"
View all tagsEnvironment Variable Leaks: The Danger of .env and .pypirc
Why committing .env files is a security sin, and how .pypirc leaks lead to supply chain attacks via malicious package uploads.
Git LFS Pointer Attacks: The Fake Model Exploit
How attackers use Git LFS pointers to trick users into downloading fake models or malicious blobs. Verifying integrity with Veritensor.
Hugging Face Token Exposure: The Supply Chain Risk
Why leaking a Hugging Face 'Write' token is dangerous. Understanding Model Poisoning and supply chain attacks.
PyTorch Malware: Why torch.load is Unsafe
PyTorch models (.pt/.pth) use Pickle under the hood. Learn how attackers hide malware in model weights and how to detect it.
Typosquatting in Python: One Typo, Total Compromise
How attackers exploit simple typing errors in requirements.txt to install malware. Detecting 'tourch', 'reqests', and other malicious PyPI packages.