CSO Online

Google’s Vertex AI SDK could allow RCE through bucket squatting

Google reportedly patched a flaw in the Vertex AI SDK for Python that could allow attackers to hijack model uploads and ...
note

⚓ [MT4 x Python] ZMQ Integration to Break Through the Limits of Automated Trading: A Record of Opening a Direct Pipeline to Build a 'Foundation for Verification' in a Legacy ...

🧭 Prologue: Why Return to the Old-Generation 'MT4' Now? We at 'Semura Lab' have always pursued the optimal and most powerful system environment to cross the sea of information and extract profits ...
theblock

Researchers flag TrapDoor malware campaign targeting crypto developer environments including Aptos, Sui and Solana

The TrapDoor malware campaign has targeted crypto developer environments tied to Aptos, Sui, and Solana through more than 34 malicious packages and over 384 related versions across npm, PyPI, and ...
Ubuntu

How to Fix Copy Fail (CVE-2026-31431) Vulnerability on Ubuntu and Linux Mint

On April 29, 2026, security researchers at Theori and Xint Code publicly disclosed CVE-2026-31431, a Linux kernel privilege escalation vulnerability they named Copy Fail. Any unprivileged local user ...
The Free Press Journal

New 'Copy Fail' Flaw In Linux Kernel Lets Any Local User Seize Root Access: Here's How To Fix It

Tracked as CVE-2026-31431 with a CVSS score of 7.8, Copy Fail was uncovered and named by researchers at Xint.io and Theori. The flaw allows an unprivileged local user to write four controlled bytes ...
heise online

"Copy Fail": Linux root in all major distributions with 732 bytes of Python

IT researchers have discovered a vulnerability in the Linux kernel that attackers can exploit to gain root privileges. The discoverers have named the vulnerability “Copy Fail.” Virtually all Linux ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. As of writing, ...
Bleeping Computer

From infostealer to full RAT: dissecting the PureRAT attack chain

An investigation into what appeared at first glance to be a “standard” Python-based infostealer campaign took an interesting turn when it was discovered to culminate in the deployment of a ...
CNX Software

pyDrone – An ESP32-S3 drone running MicroPython firmware

There are already many cheap ESP32 drones on AliExpress, or you can even make an ESP32 DIY drone for about $12, but 01Studio’s pyDrone is a little different as it’s based on an ESP32-S3-WROOM-1 module ...
TechRadar

Gmail servers hijacked by malicious PyPI packages to spread havoc - here's how to stay safe

Cybersecurity researchers Socket, who found the packages, reported them to the Python repository and thus helped get them removed from the platform - however the damage has already been done.
The Hacker News

Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack

Cybersecurity researchers have discovered three malicious Go modules that include obfuscated code to fetch next-stage payloads that can irrevocably overwrite a Linux system's primary disk and render ...
IEEE

Networked Mobile Robots for Smart Agriculture

Abstract: Amidst the dynamic landscape of agriculture, the integration of robotic technologies emerges as a transformative force. This paper unveils a robotic plant health monitoring and intervention ...