Critical PickleScan Vulnerabilities Expose AI Model Supply Chains
3 critical zero-day flaws in PickleScan, affecting Python and PyTorch, allowed undetected attacks
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
3 critical zero-day flaws in PickleScan, affecting Python and PyTorch, allowed undetected attacks
Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover attack
Attackers could have exploited a dependency confusion vulnerability affecting various Google Cloud services to execute a sprawling supply chain attack via just one malicious Python code package.
The flaw resides in the tarfile module, automatically installed in any Python project