Loading...
Loading...
Browse all stories on DeepNewz
VisitUltralytics AI Library and 'aiocpa' Python Package Compromised for Cryptocurrency Mining
Dec 7, 2024, 09:51 AM
Two versions of the popular Python AI library, Ultralytics, specifically versions 8.3.41 and 8.3.42, have been compromised to deliver cryptocurrency miners to users. The compromised packages, which include the home of yolov8 and yolo11, were found on the Python Package Index (PyPI). This breach has potentially affected thousands of users, including those using ComfyUI through the custom node ComfyUI-Impact-Pack. The incident has raised concerns over software supply chain security in the AI and machine learning community. Additionally, another Python package, 'aiocpa', was exposed as a cryptocurrency infostealer.
View original story
Markets
Yes • 50%
No • 50%
Public statements from AI/ML companies or news reports
No • 50%
Yes • 50%
Official announcements from PyPI or related news articles
Yes • 50%
No • 50%
Official announcements from Ultralytics or updates on the PyPI repository
No major response • 25%
Increased security audits • 25%
Adoption of alternative libraries • 25%
Formation of a security consortium • 25%
Industry reports, news articles, and official announcements
AI/ML library • 25%
Web development library • 25%
Data analysis library • 25%
Other category of library • 25%
News reports and security bulletins
Other methods • 25%
Malicious code injection • 25%
Credential theft • 25%
Dependency confusion • 25%
Security research publications and news articles