Google Cloud Vertex AI SDK flaw allowed model hijacking and code execution
The attack exploited a weakness in how the SDK selected temporary Cloud Storage buckets for model uploads.
20 articles
The attack exploited a weakness in how the SDK selected temporary Cloud Storage buckets for model uploads.
The attack involved the compromise of an npm account, which then mass-published over 140 malicious packages under the Mastra scope.
The change, announced to developers, will move anonymously generated email addresses to a new domain, @private.icloud.
Check Point Research reported that in May 2026, the hospitality, travel, and recreation sector faced an average of 2,291 weekly cyberattacks per organization...
Malicious build scripts deploy a Rust-based infostealer and eBPF rootkit.
A coordinated malware campaign on the JetBrains Marketplace has been uncovered by Aikido Security, with at least 15 plugins published under seven vendor acco...
Here’s how security teams can turn the dark web to their advantage.
AI-powered attackers are turning trust into a core cyberattack target.
Cybercriminals increasingly use VPNs and residential proxy networks to mask malicious activity, making traditional IP reputation and blocklist approaches les...
The Windows variants, WIN_DRV and WIN_PLUS, retain the core architecture of their Linux predecessor, including command-and-control (C2) protocols and encrypt...
Ceros aims to provide visibility and control over AI agents by logging every session, including the user and device involved.
Kaspersky researchers have identified that malicious actors are exploiting the Steam Workshop platform, specifically through the Wallpaper Engine application...
To enforce the ban, social media platforms will be required to implement age verification for new users, likely through ID uploads or facial age scans.
The attackers send emails designed to raise alarm about potential account compromise and OTP abuse, tricking recipients into opening an attachment, according...
The DragonForce ransomware operation, active since 2023 and linked to the Scattered Spider threat group, has employed custom Go-based malware dubbed "Backdoo...
GhostTree leverages NTFS junctions, a file system feature that allows one directory to point to another.
The National Testing Agency announced the restrictions on Tuesday, aiming to disrupt cheating networks that allegedly use Telegram to sell fake exam papers a...
The researcher, known as BobDaHacker, said they exploited a flaw in FIFA's back-end API by registering as a player agent.
SailPoint, known for its platform that manages employee access to applications, announced the acquisition of Entro Security without disclosing financial term...