Malicious code injection by compromised pull request branch names

Discrepancy between what's in GitHub and what's been published to PyPI for v8.3.41 · Issue #18027 · ultralytics/ultralytics

Presumably they picked the repo because it will auto-merge MRs if they pass testing even without human approvals. Glad they caught it and good work to everyone involved, but I'm gonna file this one under my "fuck around, find out" folder.