#pytorch

from Zero Day Initiative
1 week ago

Zero Day Initiative - CVE-2025-23298: Getting Remote Code Execution in NVIDIA Merlin

For Developers:
* Never use pickle for untrusted data. This cannot be emphasized enough: a pickle stream can name any importable callable and have it invoked during loading.
* Never assume checkpoint files are safe. Checkpoint deserialization is a supply-chain attack surface, because a PyTorch checkpoint is a pickle stream under the hood.
* Always pass `weights_only=True` to PyTorch's load functions (`torch.load`). It is the default from PyTorch 2.6 onward, but set it explicitly so older versions do not silently fall back to full unpickling.
* Restrict deserialization to trusted classes only, for example with an allow-list that rejects every other module/name pair.
* Implement defense in depth: don't rely on a single security measure.
* Consider alternative formats: Safetensors, ONNX, or other serialization formats that carry data rather than executable objects.
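The first four points above, as an added example that is not code from the ZDI post or from PyTorch: a checkpoint-shaped pickle whose `__reduce__` makes the loader call `builtins.eval` (a harmless expression stands in for an `os.system` payload), loaded once with plain `pickle.loads` and once through an `Unpickler.find_class` allow-list. The allow-list is constructed here as an illustration of the idea behind `weights_only=True`; it is an analogy, not torch's implementation.

```python
import io
import pickle
from collections import OrderedDict

# Constructed allow-list of (module, name) pairs the loader may resolve.
# A real loader for state_dicts would allow the tensor-rebuild helpers it needs
# and nothing else; everything not listed is refused before it is imported.
SAFE_GLOBALS = {
    ("collections", "OrderedDict"),
    ("builtins", "dict"),
    ("builtins", "list"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that only resolves globals on the allow-list."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def restricted_loads(data: bytes):
    """Deserialize with the allow-list enforced (analogous to weights_only=True)."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def unsafe_loads(data: bytes):
    """Plain unpickling, i.e. what a weights_only=False load amounts to."""
    return pickle.loads(data)


class MaliciousCheckpoint:
    """Stands in for an attacker-controlled object inside a checkpoint file."""

    def __reduce__(self):
        # The pickle records "call builtins.eval with this argument". A real
        # payload would reference os.system or similar; the arithmetic keeps
        # the demonstration side-effect free while still proving code ran.
        return (eval, ("40 + 2",))


def build_malicious_checkpoint() -> bytes:
    # Only the reduce callable (builtins.eval) is stored, not this class.
    return pickle.dumps(MaliciousCheckpoint())


def build_benign_checkpoint() -> bytes:
    # Constructed stand-in for a state_dict; OrderedDict exercises find_class.
    return pickle.dumps(OrderedDict([("layer.weight", [0.1, 0.2]), ("layer.bias", [0.0])]))


def restricted_load_blocked(data: bytes) -> bool:
    """True if the allow-listed loader refused the payload."""
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    mal = build_malicious_checkpoint()
    print("unsafe load returned:", unsafe_loads(mal))           # eval ran: 42
    print("restricted load blocked:", restricted_load_blocked(mal))
    print("restricted benign load:", dict(restricted_loads(build_benign_checkpoint())))
```

The benign checkpoint loads through the allow-list because `collections.OrderedDict` is listed; the malicious one is refused at `find_class`, before `eval` is ever looked up. With `pickle.loads` the expression is evaluated as a side effect of loading, which is exactly the property the bullets above warn about.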
Information security
Typography
from Hackernoon
6 months ago

Accelerating Neural Networks: The Power of Quantization | HackerNoon

Quantization reduces the memory and computational demands of neural networks by mapping floating-point weights and activations to lower-precision integers (typically 8-bit) through a per-tensor scale and zero-point, trading a bounded rounding error for a 4x smaller footprint relative to 32-bit floats.
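The mapping described above, as an added example that is not from the HackerNoon article: affine (asymmetric) quantization of a float list to unsigned integers of a chosen bit width, the inverse dequantization, and the resulting maximum reconstruction error, which stays at or below half a quantization step. Function and variable names are chosen for this example.

```python
def quantize_affine(values, bits=8):
    """Map floats to unsigned ints in [0, 2**bits - 1] using a scale and zero-point."""
    qmin, qmax = 0, (1 << bits) - 1
    # Include 0.0 in the range so that zero is exactly representable after rounding,
    # which matters for padded/zeroed activations.
    lo = min(min(values), 0.0)
    hi = max(max(values), 0.0)
    scale = (hi - lo) / (qmax - qmin) or 1.0          # avoid a zero step for constant input
    zero_point = int(round(qmin - lo / scale))         # integer that represents real 0.0
    zero_point = max(qmin, min(qmax, zero_point))
    q = [max(qmin, min(qmax, int(round(v / scale)) + zero_point)) for v in values]
    return q, scale, zero_point


def dequantize_affine(q, scale, zero_point):
    """Recover approximate floats from the integers, scale and zero-point."""
    return [(qi - zero_point) * scale for qi in q]


def max_abs_error(values, bits=8):
    """Largest |x - dequant(quant(x))| over the input; bounded by scale / 2."""
    q, scale, zero_point = quantize_affine(values, bits)
    recon = dequantize_affine(q, scale, zero_point)
    return max(abs(a - b) for a, b in zip(values, recon))


if __name__ == "__main__":
    sample = [-1.0, -0.5, 0.0, 0.25, 1.0]               # constructed input
    for bits in (8, 4):
        q, s, z = quantize_affine(sample, bits)
        print(f"{bits}-bit: q={q} scale={s:.5f} zero_point={z} "
              f"max_err={max_abs_error(sample, bits):.5f}")
```

Halving the bit width doubles the step size and therefore the worst-case error, which is the trade the article describes; per-channel scales or calibration on real activations tighten the error further but are beyond this one-tensor example.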