对攻击者保持视野领先:从漏洞情报到「扩展漏洞情报」
随着漏洞大爆发时代的来临以及黑产、暗网交易等盛行,如何以更全面、更有针对性的漏洞情报帮助企业在与攻击者的较量中占据高位,成为了业界关注的重点课题之一。在FCIS 2024网络安全创新大会上,斗象科技C
Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary:
On December 4, a malicious version 8.3.41 of the popular AI library ultralytics —which has almost 60 million downloads—was published to the Python Package Index (PyPI) package repository. The package contained downloader code that was downloading the XMRig coinminer. The compromise of the project’s build environment was achieved by exploiting a known and previously reported GitHub Actions script injection.
Lots more details at that link. Also ...
The post Ultralytics Supply-Chain Attack appeared first on Security Boulevard.