Ultralytics AI model hijacked to infect thousands with cryptominer

Somewhat tangentially, I really dislike that Ultralytics (and others) started slapping higher version numbers of their YOLO variants. Redmon used the numbering scheme v2 and v3 for his improvements on his original model. But Ultralytics' 11 is it's own thing with no connection to Redmon. I just think it gives a misleading impression of what the history is.

Google Collab banned affected users.<p>I wonder how that&#x27;s going to be resolved, of if Google will just do their usual and make it close to impossible to appeal and get unbanned.

Serendipitously comes one day after this story[1] was on the front page: at least one Debian maintainer failing to realize the risks of non-alphanumeric usernames. &quot;What could go wrong?&quot; Well, here&#x27;s Git allowing branch names to contain dollar signs, backticks, etc., because &quot;what could go wrong?&quot;... and... well, this could.<p><i>Names</i> are <i>identifiers</i>. Allowing identifiers to contain anything besides identifier characters merely opens new and weird attack vectors.<p>[1] <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=42338134">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=42338134</a>

This appears to be a code injection in a PR branch name, not an AI model compromise..

&gt; Ultralytics tools are open-source and are used by numerous projects spanning a wide range of industries and applications.<p>Open source and popular doesn&#x27;t necessarily mean safe.<p>Technically you can read the code source but no one does that and especially for each update.