Ultralytics Supply-Chain Attack

Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary:

On December 4, a malicious version 8.3.41 of the popular AI library ultralytics, which has almost 60 million downloads, was published to the Python Package Index (PyPI) package repository. The package contained downloader code that was downloading the XMRig coinminer. The compromise of the project’s build environment was achieved by exploiting a known and previously reported GitHub Actions script injection. Lots more details at that link. Also …

First seen on securityboulevard.com

Jump to article: securityboulevard.com/2024/12/ultralytics-supply-chain-attack/
