
AI Library Hack: Crypto Miner Infects Popular Python Tool!

  • Last updated December 9, 2024
  • written by
    Writer

San Francisco, December 9, 2024: Popular Python AI library Ultralytics was hacked, with crypto miners injected into two versions. Developers must update immediately to avoid further exploitation.

In a shocking development, the trusted Ultralytics AI library, widely used for artificial intelligence projects, has been compromised in a major supply chain attack.

Two versions of the library (8.3.41 and 8.3.42), available on PyPI, were found to include a hidden cryptocurrency miner, sparking widespread concern across the AI and developer communities.

The malicious code, embedded via a GitHub Actions script injection, hijacked the CPU resources of unsuspecting users to mine cryptocurrency, a clear violation of trust in the open-source ecosystem. The project maintainer, Glenn Jocher, admitted that:

Hackers exploited a vulnerability in the build environment to inject the XMRig mining malware, raising alarms about the potential for more sinister payloads like backdoors or remote access trojans (RATs). Security expert Karlo Zanki noted:

Thousands of developers, relying on Ultralytics for AI solutions, reported abrupt spikes in CPU usage. Fortunately, a security fix has been implemented, and the compromised versions have been removed. However, the incident serves as a grim reminder of the fragility of supply chain security in the digital era.

Users are urged to immediately update to the latest version and review their systems for anomalies. This breach adds to the growing list of software supply chain attacks targeting open-source libraries.
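A check for the two affected releases named above (8.3.41 and 8.3.42), added here as an example and not code from Ultralytics or from the sources quoted in this article: it reads installed package metadata and requirements-style pin files under the directories you pass. The function names and the file patterns are assumptions.

```python
import re
import site
import sys
from email.parser import Parser
from pathlib import Path

# Versions the article names as carrying the miner.
COMPROMISED = {"8.3.41", "8.3.42"}
PACKAGE = "ultralytics"
# Exact pins such as "ultralytics==8.3.41" (optionally with extras) at line start.
PIN_RE = re.compile(r"^\s*ultralytics(?:\[[^\]]*\])?\s*==\s*([0-9][\w.]*)", re.I | re.M)


def installed_hits(root):
    """Return (dist-info dir, version) for affected installs found under root."""
    hits = []
    for meta in Path(root).rglob("*.dist-info/METADATA"):
        # METADATA uses RFC 822 style headers; only Name and Version are needed.
        headers = Parser().parsestr(meta.read_text(errors="replace"), headersonly=True)
        name = (headers.get("Name") or "").strip().lower()
        version = (headers.get("Version") or "").strip()
        if name == PACKAGE and version in COMPROMISED:
            hits.append((str(meta.parent), version))
    return sorted(hits)


def pinned_hits(root, patterns=("requirements*.txt", "constraints*.txt")):
    """Return (file, version) for requirements-style files pinning an affected version."""
    hits = set()
    for pattern in patterns:
        for path in Path(root).rglob(pattern):
            if not path.is_file():
                continue
            for version in PIN_RE.findall(path.read_text(errors="replace")):
                if version in COMPROMISED:
                    hits.add((str(path), version))
    return sorted(hits)


if __name__ == "__main__":
    # Default to this interpreter's site-packages; pass project or venv dirs to widen.
    roots = sys.argv[1:] or site.getsitepackages()
    for root in roots:
        for where, version in installed_hits(root) + pinned_hits(root):
            print(f"AFFECTED ultralytics {version}: {where}")
```

A hit in a pin file means the next clean install or CI build would try to resolve that release again, so update the pin as well as the installed copy.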

