MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
pypi
Search

Supply-chain attack analysis: Ultralytics (PyPI Blog)

Thursday December 12, 2024. 05:26 PM , from LWN.net
The Python Package Index (PyPI) Blog has an analysis
of the compromise of
the ultralytics
project, and what PyPI has learned from this event:

PyPI staff and volunteers do their best to remove malware, but
because the service is open to anyone looking to publish software
there is an unfortunately high amount of abuse. Thankfully most of
this abuse does not have the same widespread impact as a targeted
attack on an already widely-used project.

Mike Fiedler, the PyPI Safety and Security Engineer is working on
new systems for reducing the time that malware is available to be
installed on PyPI, through APIs
that security researchers can automatically send reports to and
new 'quarantine'
release status to prevent harm while a human investigates the
situation. Expect more in this space in 2025!
Read more at LWN.net
https://lwn.net/Articles/1001909/

Related News

pypi Billionaire founder of fashion chain falls and dies while hiking in Spain BoingBoingDec 17
blog Stripper goes berserk, stabs DJ at Portland club in brutal attack (video) BoingBoingDec 17
attack 2025 is set to bring changes in technology adoption and the evolving attack surface BetaNewsDec 15
ultralytics Yearlong Supply-Chain Attack Targeting Security Pros Steals 390,000 Credentials SlashdotDec 14
analysis The US Military is Now Talking Openly About Going On the Attack in Space SlashdotDec 13
abuse California DMV sorry for issuing vanity plate mocking October 7 attack on Israel BoingBoingDec 13
security Google Gemini 2.0 Flash comes out with real-time conversation, image analysis TheRegisterDec 11
project Lady feeds bovine and gets a surprise tongue attack BoingBoingDec 11
supply-chain 3 takeaways from the Ultralytics AI Python library hack InfoWorldDec 11
malware US names Chinese national it alleges was behind 2020 attack on Sophos firewalls TheRegisterDec 11
pypi Fully patched Cleo products under renewed 'zero-day-ish' mass attack TheRegisterDec 10
blog Containers are a weak link in supply chain security BetaNewsDec 10
attack Mysterious outbreak with high fatality rate in the DRC could imperil tech supply chains TheRegisterDec 9
ultralytics Supply chain compromise of Ultralytics AI library results in trojanized versions InfoWorldDec 9
analysis OpenWrt orders router firmware updates after supply chain attack scare TheRegisterDec 9
abuse In-depth analysis of Grand Theft Auto V's power infrastructure BoingBoingDec 9
security Abusing Git branch names to compromise a PyPI package LWN.netDec 6
project ‘Tis the Season for COSMIC Alpha 4! (System76 Blog) LWN.netDec 5
supply-chain This sneaky phishing attack is a new take on a dirty old trick PC WorldDec 5
malware South Korea’s political unrest threatens the stability of global tech supply chains ComputerWorldDec 5
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Dec, Wed 18 - 18:50 CET