August 26, 2024 at 07:30AM Cybersecurity researchers have identified over 20 vulnerabilities in machine learning (ML) software supply chain, posing severe risks like arbitrary code execution and dataset loading. These affect MLOps platforms and ML libraries, like MLFlow and Seldon Core, enabling attackers to execute code and move laterally. The disclosure emphasizes the need for … Read more
August 3, 2024 at 03:41PM SLUBStick, a novel Linux Kernel cross-cache attack, has a 99% success rate in escalating privileges and escaping containers by exploiting a heap vulnerability. It works with modern kernel defenses and will be presented at the upcoming Usenix Security Symposium. The attack provides benefits to attackers, including privilege escalation and container … Read more
February 4, 2024 at 10:39AM “Leaky Vessels” vulnerabilities were discovered by Snyk security researcher, allowing hackers to escape containers and access underlying system data. No active exploitation was found, but impacted parties are advised to apply available security updates promptly. The flaws affected runc and Buildkit, impacting Docker, Kubernetes, and more. Patched versions were released … Read more