SDxCentral

VU#253266: Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models

Overview Lambda Layers in third party TensorFlow-based Keras models allow attackers to inject arbitrary code into versions built prior to Keras 2.13 that may then unsafely run with the ...
CSOonline

A pickle in Meta’s LLM code could allow RCE attacks

AI frameworks, including Meta’s Llama, are prone to automatic Python deserialization by pickle that could lead to remote code execution. Meta’s large language model (LLM) framework, Llama, suffers a ...
Opinion

The Code Sovereignty Paradox: Why AI Productivity Is Creating A Security Debt Crisis

Sovereign factory AI is the starting point for a secure coding assistant. Enterprises need to embrace a data-first security approach, one that protects sensitive information at the point of retrieval ...
Dark Reading

What You Need to Know About Arbitrary Code Execution Vulnerabilities

They're serious. Notices about arbitrary code execution (ACE) vulnerabilities appear just about every week in alerts from US-CERT — the United States Computer Emergency Readiness Team, a part of the ...
CSOonline

Cursor’s autorun lets hackers execute arbitrary code

Oasis Security has uncovered a flaw in the widely used AI-powered code editor Cursor that lets malicious repositories silently execute code the moment a developer opens them. According to a disclosure ...