Threats Tagged 'python'

A malicious Microsoft Edge extension dubbed 'Edgecution' has been used in a ransomware attack to escape the browser sandbox and deploy a Python-based backdoor. [...]

A sophisticated supply chain attack leverages typosquatting of the legitimate postcss-selector-parser npm package, which receives over 150 million weekly downloads. Three malicious packages published by user 'abdrizak' masquerade as PostCSS utilities while delivering a multi-stage Windows RAT. The infection chain begins with encoded JavaScript that drops PowerShell scripts, which then download a bundled Python runtime containing Nuitka-compiled modules. The final payload implements comprehensive RAT capabilities including HTTP C2 communication with RC4 encryption, registry persistence, VM detection, remote shell execution, file transfer, and Chrome credential theft using DPAPI and app-bound decryption. The attack demonstrates how build tooling dependencies can serve as delivery mechanisms for sophisticated Windows malware targeting developer environments.

Unit 42 discovered a Vertex AI Python SDK vulnerability that allows remote code execution via bucket squatting. Read the article for more. The post Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE appeared first on Unit 42 .

Bulletin ID: AWS-2025-028 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/11/10 10:15 AM PDT Description: Amazon Aurora PostgreSQL a fully managed relational database engine that's compatible with PostgreSQL. We identified CVE-2025-12967, an issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. Impacted versions: - AWS JDBC Wrapper <2.6.5 - AWS Go Wrapper <2025-10-17 - AWS NodeJS Wrapper <2.0.1 - AWS Python Wrapper <1.4.0 - AWS ODBC driver <1.0.1

This threat discussion focuses on the risk posed by forgotten or 'zombie' cloud infrastructure assets that remain in an environment but are no longer in production. These zombie assets increase the attack surface and cyber risk for organizations while also contributing to unnecessary cloud costs. The described solution, Tenable Hexa AI, uses agentic AI to identify and eliminate these forgotten cloud assets, thereby reducing risk and cost. There is no indication of an active exploit or vulnerability in this data, rather it highlights a security risk related to cloud asset management.