TechSecInfo

The tech + cyber briefing: what happened, why it matters, and where it came from.

Cyber Security

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

By rooter

A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim’s project hijack the victim’s machine learning model upload and run code inside Google’s serving infrastructure.

Palo Alto Networks Unit 42, which found and reported the bug through Google’s bug bounty program, calls the technique “Pickle in the Middle” and said it saw no exploitation in the wild.

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

By rooter

Related Post

Cyber Security

AI is Not Solving Cybersecurity Burnout Yet, New ISSA and Omdia Research Warns

rooter
Cyber Security

SprySOCKS Windows Variant Abuses Kernel Drivers to Evade Detection

rooter
Cyber Security

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures

rooter

Leave a Reply

You Missed

News

US approval of Paramount/Warner Bros. deal surprised DOJ lawyers, report says

News

OpenAI Is Growing Fast. Its Losses Are Growing Faster

News

Tesla’s Cybercab May Be Its Most Efficient EV Yet, Despite a Very Slow Rollout of Its Robotaxi Service

Cyber Security

AI is Not Solving Cybersecurity Burnout Yet, New ISSA and Omdia Research Warns