National Cyber Warfare Foundation (NCWF)

Ultralytics Supply-Chain Attack


2024-12-13 16:39:59
milo
Blue Team (CND)


Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary:



On December 4, a malicious version 8.3.41 of the popular AI library ultralytics—which has almost 60 million downloads—was published to the Python Package Index (PyPI) package repository. The package contained downloader code that was downloading the XMRig coinminer. The compromise of the project’s build environment was achieved by exploiting a known and previously reported GitHub Actions script injection.



Lots more details at that link. Also ...


The post Ultralytics Supply-Chain Attack appeared first on Security Boulevard.



Bruce Schneier

Source: Security Boulevard
Source Link: https://securityboulevard.com/2024/12/ultralytics-supply-chain-attack/





Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.