Picklescan flaws allowed attackers to bypass scans and execute hidden code in malicious PyTorch models before the latest patch.