The attackers compromised legitimate xinference releases rather than publishing a typosquat package, embedding malicious code directly into xinference/init.py. This ensures execution whenever the package is imported, including during application startup or dependency resolutio...
The attackers compromised legitimate xinference releases rather than publishing a typosquat package, embedding malicious code directly into xinference/init.py. This ensures execution whenever the package is imported, including during application startup or dependency resolutio...
Source: Wiz
Source Link: https://threats.wiz.io/all-incidents/xinference-compromised-in-supply-chain-attack