Yes, #malcontent detected all iterations of the "ultralytics" supply-chain attack. The attackers weren't trying hard to be sneaky, so anyone looking should have detected it, but few are. #supplychainsecurity
@thomrstrom
The sneaky part of the #ultralytics attack was how it got in in the first place, via a weird branch name that got interpreted by GitHub Actions as something to be expanded and then executed in the CI. The branch didn't even change any files!
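An added example, not part of the thread: a small checker for the class of workflow bug the reply describes, where a `${{ ... }}` expression holding a contributor-chosen value such as the branch name is expanded into a `run:` script before the shell sees it. The function name, the list of contexts and both sample workflows are constructed for illustration; the hardened sample passes the value through `env:` so the shell receives it as data.

```python
import re

# Contexts whose value is chosen by whoever opens the pull request
# (assumed list for this example, not exhaustive).
UNTRUSTED = re.compile(
    r"\$\{\{\s*(github\.head_ref|github\.event\.pull_request\.(?:head\.ref|title|body))\s*\}\}"
)
RUN_KEY = re.compile(r"^(\s*)(-\s+)?run:\s*(.*)$")

def find_injectable_runs(workflow_text):
    """Return (line_number, context) for untrusted contexts expanded inside run: scripts."""
    findings = []
    run_indent = None  # column of the current run: key, None when outside a run script
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        match = RUN_KEY.match(line)
        if match:
            run_indent = len(match.group(1)) + len(match.group(2) or "")
            body = match.group(3)
        elif run_indent is not None and (
            not line.strip() or len(line) - len(line.lstrip()) > run_indent
        ):
            body = line  # continuation line of a multi-line run script
        else:
            run_indent = None  # a sibling key such as env: ends the script
            continue
        findings.extend((number, hit.group(1)) for hit in UNTRUSTED.finditer(body))
    return findings

# Constructed sample: the branch name is pasted into the script text itself.
VULNERABLE = """\
on: pull_request
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: Show branch
        run: |
          echo "Checking ${{ github.head_ref }}"
"""

# Constructed sample: same step, value handed over as an environment variable.
HARDENED = """\
on: pull_request
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: Show branch
        env:
          BRANCH: ${{ github.head_ref }}
        run: |
          echo "Checking $BRANCH"
"""
```

The checker is line-based rather than a YAML parser, so it is a review aid for `.github/workflows/*.yml`, not proof that a workflow is clean.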