TensorFlow Supply Chain Compromise via Self-Hosted Runner Attack

TensorFlow Supply Chain Compromise via Self-Hosted Runner Attack

| | CI/CD Security, TensorFlow
Introduction With the recent rise and adoption of artificial intelligence technologies, open-source frameworks such as TensorFlow are prime targets for attackers seeking to conduct software supply chain attacks. Over the last several years, Praetorian engineers have become adept at performing highly complex attacks on GitHub Actions CI/CD environments, designing proprietary ... Read More
Understanding the Impact of the new Apache Struts File Upload Vulnerability

Understanding the Impact of the new Apache Struts File Upload Vulnerability

Introduction Recently researcher Steven Seeley discovered a way to abuse the popular Apache Struts frameworks’ file upload functionality to achieve remote code execution. This bug, known as CVE-2023-50164, has been assigned a 9.8 CVSS score. No doubt this is causing some security practitioners to have flashbacks of the “good times” ... Read More
SonicWall WXA – Authentication Bypass and Remote Code Execution Vulnerability

SonicWall WXA – Authentication Bypass and Remote Code Execution Vulnerability

Overview In an effort to safeguard our customers, we perform proactive vulnerability research with the goal of identifying zero-day vulnerabilities that are likely to impact the security of leading organizations. Recently, we were looking at the list of available OVA appliances from SonicWall and identified the WXA appliance image was ... Read More