<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"><channel><title>Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting — Live Feed</title><link>https://www.live-feeds.com/feed/google-vertex-ai-sdk-flaw-let-attackers-hijack-model-uploads-via-bucket-squatting</link><atom:link xmlns:atom="http://www.w3.org/2005/Atom" href="https://www.live-feeds.com/feed/google-vertex-ai-sdk-flaw-let-attackers-hijack-model-uploads-via-bucket-squatting/rss.xml" rel="self" type="application/rss+xml"/><description>Continuously updated, source-cited coverage.</description>
<item><title>Google Vertex AI SDK Flaw Allows RCE via Bucket Squatting</title><link>https://www.live-feeds.com/feed/google-vertex-ai-sdk-flaw-let-attackers-hijack-model-uploads-via-bucket-squatting</link><guid isPermaLink="false">https://www.live-feeds.com/feed/google-vertex-ai-sdk-flaw-let-attackers-hijack-model-uploads-via-bucket-squatting#u17129</guid><pubDate>Mon, 29 Jun 2026 09:46:31 +0000</pubDate><description>A vulnerability in the Google Vertex AI Python SDK permits attackers to hijack machine learning model uploads. This flaw enables remote code execution within Google serving infrastructure. The issue is characterized as a Pickle in the Middle attack. What's confirmed: The Google Vertex AI Python SDK flaw allows attackers to hijack machine learning model uploads. The vulnerability enables the execution of code within Google serving infrastructure. Palo Alto Networks Unit 42 discovered the bug and reported it via a bug bounty program. Still unconfirmed: The vulnerability is known as a Pickle in the Mid</description></item>
<item><title>Google Vertex AI SDK Vulnerability Identified as Pickle in the Middle</title><link>https://www.live-feeds.com/feed/google-vertex-ai-sdk-flaw-let-attackers-hijack-model-uploads-via-bucket-squatting</link><guid isPermaLink="false">https://www.live-feeds.com/feed/google-vertex-ai-sdk-flaw-let-attackers-hijack-model-uploads-via-bucket-squatting#u12363</guid><pubDate>Thu, 25 Jun 2026 05:26:27 +0000</pubDate><description>A flaw in the Google Cloud Vertex AI Python SDK allowed attackers to hijack machine learning model uploads. This vulnerability enabled the execution of code within Google serving infrastructure. Palo Alto Networks Unit 42 discovered the bug and reported it via a bug bounty program. What's confirmed: Palo Alto Networks Unit 42 discovered the flaw and reported it through Google's bug bounty program. The vulnerability allowed an attacker without project access to run code inside Google serving infrastructure by hijacking model uploads. Still unconfirmed: Palo Alto Networks Unit 42 stated it saw n</description></item>
<item><title>Google Vertex AI SDK Flaw Enabled Model Upload Hijacking</title><link>https://www.live-feeds.com/feed/google-vertex-ai-sdk-flaw-let-attackers-hijack-model-uploads-via-bucket-squatting</link><guid isPermaLink="false">https://www.live-feeds.com/feed/google-vertex-ai-sdk-flaw-let-attackers-hijack-model-uploads-via-bucket-squatting#u8445</guid><pubDate>Mon, 22 Jun 2026 14:11:19 +0000</pubDate><description>A vulnerability in the Google Cloud Vertex AI Python SDK allowed attackers to execute arbitrary code within Google serving infrastructure. This was achieved through bucket squatting using predictable staging bucket names. Google fixed the issue in SDK version 1.148.0. What's confirmed: The flaw allowed for remote code execution inside Google AI serving infrastructure. The vulnerability was resolved in SDK version 1.148.0. Attackers could intercept model uploads by pre-creating predictable Vertex AI staging buckets. Still unconfirmed: The vulnerability led to model poisoning and credential theft. SDK </description></item>
<item><title>Google Patches Vertex AI SDK Bucket Squatting Flaw</title><link>https://www.live-feeds.com/feed/google-vertex-ai-sdk-flaw-let-attackers-hijack-model-uploads-via-bucket-squatting</link><guid isPermaLink="false">https://www.live-feeds.com/feed/google-vertex-ai-sdk-flaw-let-attackers-hijack-model-uploads-via-bucket-squatting#u4812</guid><pubDate>Fri, 19 Jun 2026 17:21:48 +0000</pubDate><description>A vulnerability in the Google Cloud Vertex AI Python SDK allowed attackers to hijack machine learning model artifacts. This flaw enabled remote code execution within Google serving infrastructure. Google resolved the issue in SDK version 1.148.0. What's confirmed: The flaw affected the Google Cloud Vertex AI SDK for Python. Attackers could hijack model uploads and run code inside Google serving infrastructure. Google patched the vulnerability in version 1.148.0 or later. The fix introduced randomized bucket naming and explicit bucket ownership verification. Still unconfirmed: Attackers used a victim&amp;</description></item>
<item><title>Google Patches Vertex AI SDK Flaw Allowing Model Hijacking</title><link>https://www.live-feeds.com/feed/google-vertex-ai-sdk-flaw-let-attackers-hijack-model-uploads-via-bucket-squatting</link><guid isPermaLink="false">https://www.live-feeds.com/feed/google-vertex-ai-sdk-flaw-let-attackers-hijack-model-uploads-via-bucket-squatting#u3844</guid><pubDate>Thu, 18 Jun 2026 22:36:28 +0000</pubDate><description>A critical vulnerability in the Google Cloud Vertex AI SDK for Python enabled attackers to hijack model uploads. This flaw could lead to remote code execution across tenants. Google has released a patch to fix the issue. What's confirmed: Google patched a flaw in the Vertex AI SDK for Python that allowed attackers to hijack model uploads. The vulnerability could enable remote code execution across tenants. Still unconfirmed: Broad default permissions in the Vertex AI suite allowed Palo Alto Networks' Unit 42 to access credentials and restricted Google-owned Artifact Registry images. Customer da</description></item>
<item><title>Google Patches Vertex AI SDK Flaw Enabling Model Hijacking</title><link>https://www.live-feeds.com/feed/google-vertex-ai-sdk-flaw-let-attackers-hijack-model-uploads-via-bucket-squatting</link><guid isPermaLink="false">https://www.live-feeds.com/feed/google-vertex-ai-sdk-flaw-let-attackers-hijack-model-uploads-via-bucket-squatting#u3269</guid><pubDate>Thu, 18 Jun 2026 12:27:51 +0000</pubDate><description>A vulnerability in the Google Cloud Vertex AI SDK for Python allowed attackers to hijack machine learning model uploads. This flaw, dubbed Pickle in the Middle, could enable remote code execution within Google serving infrastructure. Google has released a patch to address the issue. What's confirmed: Palo Alto Networks Unit 42 discovered the vulnerability and reported it via Google's bug bounty program. The flaw allowed attackers to run code in Google's serving infrastructure without requiring access to the victim's project. Attackers only needed their own Google Cloud project and t</description></item>
</channel></rss>