
Supply chain compromise of Ultralytics AI library results in trojanized versions [Video]


Attackers exploited a script injection vulnerability via GitHub Actions to inject malicious code during the automated build process, poisoning the resulting packages of the popular Python library.

Credit: Roman Samborskyi / Shutterstock

Attackers compromised Ultralytics YOLO packages published on PyPI, the official Python package index, by tampering with the build environment of the popular library for creating custom machine learning models. The malicious code deployed cryptocurrency mining malware on systems that installed the package, but the attackers could have delivered any type of malware.

According to researchers from ReversingLabs, the attackers leveraged a known GitHub Actions script injection technique to introduce malicious code during the automated build process, bypassing the usual code review. As a result, the malicious code was present only in the package pushed to PyPI and not in the code repository on GitHub.
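The injection pattern the article refers to is the one GitHub itself documents: a workflow step that interpolates an attacker-controllable expression such as `${{ github.event.pull_request.title }}` directly into a `run:` shell script, so the value becomes part of the command line the runner executes. The following Python script is an added example, not code from the article, from ReversingLabs or from the Ultralytics project. It scans workflow text for that pattern and contrasts a constructed vulnerable step with the environment-variable form GitHub recommends; both workflows are made up for illustration and are not Ultralytics' actual workflow.

```python
import re

# Contexts GitHub's "Security hardening for GitHub Actions" guide lists as
# attacker-controllable; interpolating any of them into a run: script lets the
# value be executed as shell.
UNTRUSTED_CONTEXTS = (
    r"github\.event\.issue\.(?:title|body)",
    r"github\.event\.pull_request\.(?:title|body)",
    r"github\.event\.pull_request\.head\.(?:ref|label)",
    r"github\.event\.pull_request\.head\.repo\.default_branch",
    r"github\.event\.comment\.body",
    r"github\.event\.review\.body",
    r"github\.event\.review_comment\.body",
    r"github\.event\.head_commit\.message",
    r"github\.event\.head_commit\.author\.(?:name|email)",
    r"github\.event\.commits(?:\[\d+\]|\.\*)\.(?:message|author\.(?:name|email))",
    r"github\.head_ref",
)
UNTRUSTED_RE = re.compile("|".join(f"(?:{p})" for p in UNTRUSTED_CONTEXTS))
EXPR_RE = re.compile(r"\$\{\{\s*(.+?)\s*\}\}")      # ${{ expression }}
RUN_RE = re.compile(r"^(\s*)(?:-\s+)?run:\s*(.*)$")  # a step's run: key


def _indent(line):
    return len(line) - len(line.lstrip(" "))


def find_run_script_injections(workflow_text):
    """Return [(line_number, expression)] for every untrusted expression
    interpolated into a run: script. Line numbers are 1-based."""
    findings = []
    lines = workflow_text.splitlines()
    i = 0
    while i < len(lines):
        m = RUN_RE.match(lines[i])
        if not m:
            i += 1
            continue
        key_indent = len(m.group(1))
        run_lines = [(i + 1, m.group(2))]
        i += 1
        if m.group(2).lstrip().startswith(("|", ">")):
            # Block scalar: the script is every following line indented deeper
            # than the run: key (blank lines are allowed inside the block).
            while i < len(lines) and (not lines[i].strip() or _indent(lines[i]) > key_indent):
                run_lines.append((i + 1, lines[i]))
                i += 1
        for lineno, text in run_lines:
            for expr in EXPR_RE.findall(text):
                if UNTRUSTED_RE.search(expr):
                    findings.append((lineno, expr))
    return findings


# Constructed sample: the PR title is spliced straight into the shell script,
# so whoever opens the pull request controls part of the command line.
VULNERABLE_WORKFLOW = """\
name: build
on:
  pull_request_target:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Log PR title
        run: |
          echo "Building for: ${{ github.event.pull_request.title }}"
          python -m build
"""

# Constructed sample of the recommended form: the expression is bound to an
# environment variable, and the script reads it as quoted data, not as code.
HARDENED_WORKFLOW = """\
name: build
on:
  pull_request_target:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Log PR title
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "Building for: $PR_TITLE"
          python -m build
"""

if __name__ == "__main__":
    for label, text in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(f"{label}: {find_run_script_injections(text)}")
```

Run against the two samples, the scanner flags line 11 of the vulnerable workflow and nothing in the hardened one. Because the malicious code in this incident existed only in the built package and not in the repository, a workflow check like this complements, rather than replaces, comparing a published sdist or wheel against the tagged source.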

The trojanized version of Ultralytics on PyPI (8.3.41) was published on Dec. 4. Ultralytics developers were alerted Dec. 5, …
