AI Library Ultralytics Hit by Crypto Mining Malware in Supply Chain Attack
Security researchers uncovered cryptocurrency mining malware embedded in two versions of the popular Ultralytics AI library on PyPI. The sophisticated attack exploited GitHub Actions to inject malicious code, prompting urgent calls for users to upgrade to the latest secure version.
Malicious GitHub Commits Target Security Researcher in Identity Fraud Attack
Multiple open-source projects on GitHub were compromised by unauthorized code commits falsely attributed to security researcher Stephen Lacy. The attack exploited commit verification weaknesses to damage the researcher's reputation, prompting GitHub to investigate and the community to implement stricter authentication measures.
Critical Backdoor Attempt Detected in ExoLabs GitHub Repository
A malicious pull request containing backdoor code was discovered in the popular ExoLabs GitHub repository, highlighting the growing threat of supply chain attacks. The incident serves as a crucial reminder for maintainers to implement strict code review protocols and security measures.