Dark Reading

'Sleepy Pickle' Exploit Subtly Poisons ML Models

Researchers have concocted a new way of manipulating machine learning (ML) models by injecting malicious code into the process of serialization. The method focuses on the "pickling" process used to ...
Infosecurity-magazine.com

Malicious Machine Learning Model Attack Discovered on PyPI

A new campaign exploiting machine learning (ML) models via the Python Package Index (PyPI) has been observed by cybersecurity researchers. ReversingLabs said threat actors are using the Pickle file ...
The Hacker News

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

Google fixed a Vertex AI SDK flaw in v1.148.0 after Unit 42 showed bucket squatting could enable model hijacking and code ...
Infosecurity-magazine.com

Critical PickleScan Vulnerabilities Expose AI Model Supply Chains

Three critical zero-day vulnerabilities affecting PickleScan, a widely used tool for scanning Python pickle files and PyTorch models, have been uncovered by cybersecurity researchers. The flaws, all ...
TechRepublic

Top Python AI and Machine Learning Libraries

Learn about some of the best Python libraries for programming artificial Intelligence, machine learning, and deep learning. A lot of software developers are drawn to Python due to its vast collection ...
CSO Online

Google’s Vertex AI SDK could allow RCE through bucket squatting

Google reportedly patched a flaw in the Vertex AI SDK for Python that could allow attackers to hijack model uploads and ...