Decrypt LOL

Ultralytics AI Library Versions Contain Malicious Cryptocurrency Miner

The Ultralytics AI library was compromised in a supply chain attack. Two versions of the popular Python AI library, ultralytics (8.3.41 and 8.3.42), were found to contain malicious code that deployed a cryptocurrency miner, leading to increased CPU usage for users. The compromised versions have been removed from the Python Package Index (PyPI), and a new version has been released to secure the publication workflow. The attack exploited a vulnerability in the build environment, allowing unauthorized modifications after code review. Security experts warn that while the current threat involved a miner, more severe malware could potentially be introduced in the future. Users are advised to update to the latest version to mitigate risks.
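To check whether an environment or a pinned dependency file still references the two affected releases, the following added example (not code from the article or from the Ultralytics project) scans requirements-style or `pip freeze` text for exact pins and checks the installed package. The function names and the sample input are constructed for illustration; only exact `==` pins are reported, since those are what lock files and cached builds carry.

```python
import re
from importlib import metadata

# Versions named on this page as containing the cryptocurrency miner.
COMPROMISED = {"8.3.41", "8.3.42"}
PACKAGE = "ultralytics"

# Exact pins, e.g. 'ultralytics==8.3.41' or
# 'Ultralytics[export] == 8.3.42 ; python_version >= "3.8"'.
PIN_RE = re.compile(
    r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*===?\s*([^\s;#\\]+)"
)

def normalize(name):
    """PEP 503 name normalization, so 'Ultralytics' matches 'ultralytics'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def find_compromised_pins(text):
    """Return [(line_number, version)] for pins to an affected release."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        match = PIN_RE.match(line)
        if (match and normalize(match.group(1)) == PACKAGE
                and match.group(2) in COMPROMISED):
            hits.append((number, match.group(2)))
    return hits

def installed_is_compromised():
    """True/False for the current environment, None if not installed."""
    try:
        return metadata.version(PACKAGE) in COMPROMISED
    except metadata.PackageNotFoundError:
        return None

# Constructed sample of a requirements / lock file (hash is a placeholder).
SAMPLE = """\
# constructed sample
numpy==1.26.4
Ultralytics[export] == 8.3.42 ; python_version >= "3.8"
ultralytics==8.3.40
ultralytics==8.3.41 \\
    --hash=sha256:<placeholder>
ultralytics>=8.3.0
"""

if __name__ == "__main__":
    print("pinned to affected release:", find_compromised_pins(SAMPLE))
    print("installed copy affected:", installed_is_compromised())
```

A hit in a lock file or container build manifest matters even after the releases were pulled from PyPI, because wheels cached in private mirrors or image layers can still be installed from those pins.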