Source |
Schneier on Security |
Identifier |
8624644 |
Publication date |
2024-12-13 16:33:58 (viewed: 2024-12-13 17:07:44) |
Title |
Ultralytics Supply-Chain Attack |
Text |
Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary:
On December 4, a malicious version 8.3.41 of the popular AI library ultralytics—which has almost 60 million downloads—was published to the Python Package Index (PyPI) package repository. The package contained downloader code that was downloading the XMRig coinminer. The compromise of the project’s build environment was achieved by exploiting a known and previously reported GitHub Actions script injection.
Lots more details at that link. Also ... |
Notes |
★★
|
Sent |
Yes |