News from the AI & ML world

DeeperML - #vulnerability

@medium.com //
Google Quantum AI has published a study that dramatically lowers the estimated quantum resources needed to break RSA-2048, one of the most widely used encryption standards. The study, authored by Craig Gidney, indicates that RSA cracking may be possible with fewer qubits than previously estimated, potentially impacting digital security protocols used in secure web browsing, email encryption, VPNs, and blockchain systems. This breakthrough could significantly accelerate the timeline for "Q-Day," the point at which quantum computers can break modern encryption.

Previous estimates, including Gidney's 2019 study, suggested that cracking RSA-2048 would require around 20 million qubits and 8 hours of computation. The new analysis indicates it could be done in under a week using fewer than 1 million noisy qubits. The reduction in hardware requirements is attributed to several technical innovations: approximate residue arithmetic, magic state cultivation, optimized period finding with Ekerå-Håstad algorithms, and yoked surface codes with sparse lookups. Together these cut the overhead of fault-tolerant quantum circuits and let the computation scale better.

The under-1-million-qubit, under-one-week figure rests on favorable assumptions, including a 0.1% gate error rate and a 1-microsecond gate time, and follows from the new error-correction techniques and improved algorithms above. This capability, potentially 20x faster than previously anticipated, raises concerns about the security of Bitcoin wallets and other financial systems that rely on RSA encryption, which could become vulnerable much sooner than expected.

Recommended read:
References:
  • medium.com: Last week, Craig Gidney from Google Quantum AI published a breakthrough study that redefines the landscape of cryptographic security. His 
  • www.theguardian.com: Google working on AI email tool that can ‘answer in your style’
  • The Official Google Blog: We’re investing for a cleaner energy future with TAE Technologies, a leading nuclear fusion company.
  • medium.com: Google’s quantum leap just changed everything: They can now break encryption 20x faster than 

@thecyberexpress.com //
A critical security vulnerability has been discovered in OpenPGP.js, a widely used JavaScript library that implements the OpenPGP standard for email and data encryption. Tracked as CVE-2025-47934, the flaw allows attackers to spoof both signed and encrypted messages, effectively undermining the trust inherent in public key cryptography. Security researchers from Codean Labs, Edoardo Geraci and Thomas Rinsma, discovered that the vulnerability stems from the `openpgp.verify` and `openpgp.decrypt` functions, and it essentially undermines the core purpose of using public key cryptography to secure communications.

The vulnerability impacts versions 5.0.1 to 5.11.2 and 6.0.0-alpha.0 to 6.1.0 of the OpenPGP.js library. According to an advisory posted on the library's GitHub repository, a maliciously modified message can be passed to one of these functions, and the function may return a result indicating a valid signature, even if the message has not been legitimately signed. This flaw affects both inline signed messages and signed-and-encrypted messages. The advisory also states that to spoof a message, an attacker needs a single valid message signature along with the plaintext data that was legitimately signed. They can then construct a fake message that appears legitimately signed.

Users are strongly advised to upgrade to version 5.11.3 or 6.1.1 as soon as possible to mitigate the risk. Versions 4.x are not affected. A full write-up and proof-of-concept exploit are expected to be released later, but the current advisory already gives enough detail to show the severity of the issue: the library reported a signature as valid without properly verifying it, leaving both signed and signed-and-encrypted messages open to spoofing.

Recommended read:
References:
  • The Register - Software: Freshly discovered bug in OpenPGP.js undermines whole point of encrypted comms
  • thecyberexpress.com: A flaw has been discovered in OpenPGP.js, a widely used JavaScript library for OpenPGP encryption. Tracked as CVE-2025-47934, the vulnerability allows threat actors to spoof both signed and encrypted messages, effectively undermining the very foundation of trust in public key cryptography.
  • Security Affairs: A critical flaw in OpenPGP.js, tracked as CVE-2025-47934, lets attackers spoof message signatures; updates have been released to address the flaw. OpenPGP.js is an open-source JavaScript library that implements the OpenPGP standard for email and data encryption.
  • www.csoonline.com: Critical flaw in OpenPGP.js raises alarms for encrypted email services
  • www.techradar.com: Researchers found a bug that allowed malicious actors to spoof messages. Users are advised to patch up.
  • securityaffairs.com: A critical flaw in OpenPGP.js lets attackers spoof message signatures; updates have been released to address the flaw.
  • securityaffairs.com: A critical flaw in OpenPGP.js lets attackers spoof message signatures

@Talkback Resources //
A critical security vulnerability in Langflow, an open-source platform used for building agentic AI workflows, is under active exploitation, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add the flaw to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, identified as CVE-2025-3248, carries a critical CVSS score of 9.8 out of 10, indicating its high severity. Organizations are being urged to immediately apply security updates and mitigation measures to prevent potential attacks.

The flaw is a missing-authentication weakness in the `/api/v1/validate/code` endpoint of Langflow, which lets unauthenticated remote attackers execute arbitrary code through crafted HTTP requests. Specifically, the endpoint passes user-supplied code to Python's built-in `exec()` without authentication or sandboxing, so an attacker can run arbitrary commands on the server and potentially achieve full system compromise. The vulnerability affects most versions of Langflow and was addressed in version 1.3.0, released on March 31, 2025.
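An added example, not Langflow's code, of what the hardened shape of such an endpoint looks like: authenticate the caller first, then inspect the submitted code with the `ast` module instead of handing it to `exec()`. The endpoint path comes from the advisory; the bearer-token scheme, request dict and response fields are assumptions made for this example.

```python
"""Code-validation handler that authenticates, then parses without executing.
Added illustration for CVE-2025-3248's failure mode; not Langflow's own code."""
import ast
import hmac
from typing import Any

# Constructed API token for the example; real deployments load it from secret storage.
API_TOKEN = "example-token-replace-me"


def is_authenticated(headers: dict[str, str]) -> bool:
    """Constant-time bearer-token check: the gate the vulnerable endpoint lacked."""
    auth = headers.get("authorization", "")
    if not auth.startswith("Bearer "):
        return False
    return hmac.compare_digest(auth[len("Bearer "):], API_TOKEN)


def validate_code(source: str) -> dict[str, Any]:
    """Syntax-check and summarise submitted Python WITHOUT running it.

    ast.parse only builds a syntax tree. Unlike exec(source), nothing in the
    submitted code (imports, top-level calls) is evaluated here."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return {"valid": False, "errors": [f"line {exc.lineno}: {exc.msg}"]}
    imports: list[str] = []
    functions: list[str] = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            imports.extend(alias.name for alias in node.names)
        elif isinstance(node, ast.ImportFrom):
            imports.append(node.module or "")
        elif isinstance(node, ast.FunctionDef):
            functions.append(node.name)
    return {"valid": True, "errors": [], "imports": imports, "functions": functions}


def handle_validate_request(headers: dict[str, str],
                            body: dict[str, Any]) -> tuple[int, dict[str, Any]]:
    """Dispatcher for POST /api/v1/validate/code: reject unauthenticated callers
    before looking at the body, then validate by parsing only."""
    if not is_authenticated(headers):
        return 401, {"detail": "authentication required"}
    code = body.get("code")
    if not isinstance(code, str):
        return 422, {"detail": "'code' must be a string"}
    return 200, validate_code(code)
```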

According to security researchers, the vulnerability is easily exploitable and allows unauthenticated remote attackers to take control of Langflow servers. There are currently 466 internet-exposed Langflow instances, with a majority of them located in the United States, Germany, Singapore, India, and China. While the specifics of real-world exploitation are not fully known, exploit attempts have been recorded against honeypots. Federal Civilian Executive Branch (FCEB) agencies have been given until May 26, 2025, to apply the necessary fixes.

Recommended read:
References:
  • Talkback Resources: Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence [app] [exp] [net]
  • The Hacker News: Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence
  • BleepingComputer: The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has tagged a Langflow remote code execution vulnerability as actively exploited, urging organizations to apply security updates and mitigations as soon as possible.
  • securityaffairs.com: U.S. CISA adds Langflow flaw to its Known Exploited Vulnerabilities catalog
  • www.scworld.com: Critical 9.8 Langflow RCE bug added to CISA vulnerability list
  • www.csoonline.com: Critical flaw in AI agent dev tool Langflow under active exploitation
  • www.helpnetsecurity.com: A missing authentication vulnerability (CVE-2025-3248) in Langflow, a web application for building AI-driven agents, is being exploited by attackers in the wild, CISA has confirmed by adding it to its Known Exploited Vulnerabilities (KEV) catalog.
  • www.bleepingcomputer.com: Critical Langflow RCE flaw exploited to hack AI app servers

@cyberpress.org //
NVIDIA has issued a critical security update for its TensorRT-LLM framework to address a high-severity vulnerability, identified as CVE-2025-23254. This flaw poses significant risks, potentially leading to remote code execution, data tampering, and information disclosure. All platforms and versions of TensorRT-LLM prior to 0.18.2 are affected, making this update essential for users to safeguard their systems against potential attacks. The vulnerability resides in the Python executor component of TensorRT-LLM and stems from insecure handling of Inter-Process Communication (IPC).

The specific weakness lies in the Python pickle module's utilization for serialization and deserialization within the socket-based IPC system. An attacker with local access to the TRTLLM server could exploit this by injecting malicious code, gaining unauthorized access to sensitive data, or manipulating existing data. NVIDIA has assigned a CVSS base score of 8.8 to this vulnerability, classifying it as high severity, with the underlying technical risk categorized as "Deserialization of Untrusted Data" (CWE-502). Avi Lumelsky of Oligo Security is credited with responsibly reporting the vulnerability.

To mitigate this threat, NVIDIA has enabled HMAC (Hash-Based Message Authentication Code) protection by default for all socket-based IPC operations in both the main and release branches of TensorRT-LLM. The HMAC tag lets the receiving process check the integrity and authenticity of serialized data before deserializing it, which blocks code execution via tampered pickle payloads. NVIDIA strongly advises users not to disable this feature, as doing so would reintroduce the vulnerability. Users are urged to update to TensorRT-LLM version 0.18.2 or later immediately to fully address the identified risks.
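As an added illustration of the HMAC-gated IPC described above (not TensorRT-LLM's own code; the shared key, frame layout and sample objects are assumptions), the receiver verifies the tag before the pickle bytes ever reach `pickle.loads`:

```python
"""HMAC-authenticated pickle framing for a socket IPC channel.
Added example of the CWE-502 mitigation described above; not NVIDIA's code."""
import hashlib
import hmac
import pickle
from typing import Any

# Constructed shared secret for the example; a real system derives or provisions
# one per session and never ships it in source.
SHARED_KEY = b"example-shared-secret-do-not-reuse"
TAG_LEN = hashlib.sha256().digest_size  # 32-byte tag prefix on every frame


class IntegrityError(Exception):
    """Raised when a frame fails HMAC verification."""


def pack(obj: Any, key: bytes = SHARED_KEY) -> bytes:
    """Serialize obj and prepend an HMAC-SHA256 tag computed over the pickle bytes."""
    payload = pickle.dumps(obj, protocol=pickle.HIGHEST_PROTOCOL)
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return tag + payload


def unpack(frame: bytes, key: bytes = SHARED_KEY) -> Any:
    """Verify first, deserialize second.

    pickle.loads executes reduce callables inside the payload, so the tag check
    must gate the call; checking afterwards would be too late."""
    if len(frame) < TAG_LEN:
        raise IntegrityError("frame too short to carry a tag")
    tag, payload = frame[:TAG_LEN], frame[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise IntegrityError("HMAC mismatch: frame rejected before deserialization")
    return pickle.loads(payload)


def roundtrip_ok(obj: Any) -> bool:
    """Honest sender with the key: the object survives the channel."""
    return unpack(pack(obj)) == obj


def tampered_frame_rejected(obj: Any) -> bool:
    """Flip one payload byte in transit; the receiver must refuse to unpickle."""
    frame = bytearray(pack(obj))
    frame[-1] ^= 0x01
    try:
        unpack(bytes(frame))
    except IntegrityError:
        return True
    return False


def unkeyed_frame_rejected(obj: Any) -> bool:
    """A sender without the shared key cannot produce an accepted frame."""
    try:
        unpack(pack(obj, key=b"wrong-key"))
    except IntegrityError:
        return True
    return False
```

Disabling the check collapses `unpack` to a bare `pickle.loads` on whatever the socket delivers, which is exactly the pre-0.18.2 condition the advisory warns against.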

Recommended read:
References:
  • Cyber Security News: NVIDIA has released a crucial security update for its TensorRT-LLM Framework, addressing a high-severity vulnerability that could expose users to significant risks, including remote code execution, data tampering, and information disclosure. The vulnerability, tracked as CVE-2025-23254, affects all platforms and all versions of TensorRT-LLM before 0.18.2. Vulnerability Details The flaw resides in the Python executor
  • securityonline.info: NVIDIA has released a security update for its TensorRT-LLM Framework, addressing a high-severity vulnerability that could expose users
  • gbhackers.com: NVIDIA has issued an urgent security advisory after discovering a significant vulnerability (CVE-2025-23254) in its popular TensorRT-LLM framework, urging all users to update to the latest version (0.18.2) to safeguard their systems against potential attacks. Overview of the Vulnerability The vulnerability, identified as CVE-2025-23254, affects all versions of the NVIDIA TensorRT-LLM framework before 0.18.2 across

@reliaquest.com //
A critical zero-day vulnerability, CVE-2025-31324, has been discovered in SAP NetWeaver Visual Composer Metadata Uploader, posing a significant threat to organizations using the platform. The flaw stems from missing authorization checks on the `/developmentserver/metadatauploader` endpoint, allowing unauthenticated attackers to upload malicious files directly to the system. This unrestricted file upload vulnerability has a CVSS score of 10, indicating its critical severity and potential for widespread exploitation. Security researchers and threat hunters have already observed active exploitation in the wild, with threat actors using the vulnerability to drop web shell backdoors onto exposed systems.

Exploitation of CVE-2025-31324 enables attackers to gain unauthorized access and control over SAP systems. Threat actors are leveraging the vulnerability to upload web shells, facilitating remote code execution and further system compromise. These web shells allow attackers to execute commands, manage files, and perform other malicious actions directly from a web browser. According to SAP security platform Onapsis, the vulnerability can afford attackers the opportunity to take full control over SAP business data and processes, potentially leading to ransomware deployment and lateral movement within a network.

SAP has released an out-of-band emergency patch to address CVE-2025-31324, and organizations are strongly encouraged to apply the patch as soon as possible to mitigate the risk. ReliaQuest researchers also reported investigating multiple customer incidents involving JSP webshells uploaded via this vulnerability. Given the widespread active exploitation and the potential for significant impact, organizations should prioritize patching vulnerable systems and assessing them for any signs of compromise. Experts estimate that a significant percentage of internet-facing SAP NetWeaver systems may be vulnerable, highlighting the urgency of addressing this critical flaw.
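An added detection sketch (not ReliaQuest's or Onapsis's code) for the two stages described above: a POST to the uploader endpoint, then a request for a .jsp resource from the same client. The log format, paths and sample lines are constructed for this example; SAP's real HTTP log layout differs and the parser would need adjusting.

```python
"""Two-stage access-log detection for CVE-2025-31324 style activity.
Added example; log format and sample lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Iterator

UPLOADER = "/developmentserver/metadatauploader"  # endpoint named in the advisory
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S"

# Constructed sample log in Common Log Format; IPs are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [28/Apr/2025:10:14:02 +0000] "GET /irj/portal HTTP/1.1" 200 5123
203.0.113.5 - - [28/Apr/2025:10:15:10 +0000] "POST /developmentserver/metadatauploader HTTP/1.1" 200 311
203.0.113.5 - - [28/Apr/2025:10:15:41 +0000] "GET /irj/uploaded.jsp HTTP/1.1" 200 88
198.51.100.7 - - [28/Apr/2025:10:20:00 +0000] "POST /developmentserver/metadatauploader HTTP/1.1" 401 0
198.51.100.9 - - [28/Apr/2025:11:02:33 +0000] "GET /irj/uploaded.jsp HTTP/1.1" 404 0
"""


def parse(lines: str) -> Iterator[dict]:
    """Yield one event dict per parseable line; unparseable lines are skipped."""
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"].split()[0], TS_FMT)
            ev["status"] = int(ev["status"])
            yield ev


def detect(lines: str, window: timedelta = timedelta(minutes=30)) -> list[str]:
    """Return alert strings.

    stage1: every POST to the uploader (it should not be reachable from
            untrusted networks at all, so even a 401 is worth a look).
    stage2: a .jsp request from the same IP within `window` of an accepted
            (2xx) upload, the pattern of a web shell being reached after drop."""
    alerts: list[str] = []
    uploads: dict[str, list[datetime]] = defaultdict(list)
    for ev in parse(lines):
        path = ev["path"].split("?")[0].lower()
        if ev["method"] == "POST" and path == UPLOADER:
            alerts.append(f"[stage1] {ev['ip']} POST uploader status={ev['status']}")
            if 200 <= ev["status"] < 300:
                uploads[ev["ip"]].append(ev["ts"])
        elif path.endswith(".jsp"):
            recent = [t for t in uploads[ev["ip"]]
                      if timedelta(0) <= ev["ts"] - t <= window]
            if recent:
                delta = int((ev["ts"] - recent[-1]).total_seconds())
                alerts.append(f"[stage2] {ev['ip']} requested {ev['path']} "
                              f"{delta}s after upload")
    return alerts
```

Pairing the two stages by client address is a heuristic; a successful upload with no follow-up .jsp request in the log still warrants checking the filesystem for the dropped file.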

Recommended read:
References:
  • Threats | CyberScoop: CyberScoop article about SAP zero-day vulnerability under widespread active exploitation
  • securityaffairs.com: SecurityAffairs article about SAP NetWeaver zero-day allegedly exploited by an initial access broker.
  • The DefendOps Diaries: thedefendopsdiaries.com article on Addressing CVE-2025-31324: A Critical SAP NetWeaver Vulnerability
  • Tenable Blog: Tenable Blog post on CVE-2025-31324 zero day vulnerability in SAP NetWeaver being exploited in the wild.
  • BleepingComputer: SAP fixes suspected Netweaver zero-day exploited in attacks
  • reliaquest.com: ReliaQuest uncovers vulnerability behind SAP NetWeaver compromise
  • MSSP feed for Latest: SAP Patches Critical Zero-Day Vulnerability in NetWeaver Visual Composer
  • Blog: Max severity zero-day in SAP NetWeaver actively exploited
  • thehackernews.com: Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution.
  • cyberscoop.com: SAP zero-day vulnerability under widespread active exploitation
  • www.cybersecuritydive.com: SAP NetWeaver zero-day vulnerability under widespread active exploitation.
  • www.scworld.com: SAP patches zero day rated 10.0 in NetWeaver
  • The Register - Security: Emergency patch for potential SAP zero-day that could grant full system control
  • Resources-2: Picus Security explains SAP NetWeaver Remote Code Execution Vulnerability
  • socradar.io: Critical SAP NetWeaver Vulnerability (CVE-2025-31324) Allows Unauthorized Upload of Malicious Executables
  • Strobes Security: When a vulnerability is rated 9.9 out of 10 on the CVSS scale, it deserves immediate attention. CVE-2025-31324 affects SAP NetWeaver AS Java, a platform many businesses rely on every...
  • The DefendOps Diaries: The DefendOps Diaries: Understanding and Mitigating the CVE-2025-31324 Vulnerability in SAP NetWeaver
  • Vulnerable U: SAP CVE-2025-31324 Targeted by Attackers
  • www.bleepingcomputer.com: Over 1,200 SAP NetWeaver servers vulnerable to actively exploited flaw
  • BleepingComputer: Over 1,200 internet-exposed SAP NetWeaver instances are vulnerable to an actively exploited maximum severity unauthenticated file upload vulnerability that allows attackers to hijack servers.
  • Onapsis: Critical SAP Zero-Day Vulnerability Under Active Exploitation (CVE-2025-31324)
  • research.kudelskisecurity.com: Critical Vulnerability in SAP NetWeaver Visual Composer (CVE-2025-31324)
  • securityaffairs.com: U.S. CISA adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog
  • onapsis.com: In our SAP CVE-2025-31324 webinar learn how to assess exposure, patch critical vulnerabilities, and defend against active zero-day attacks on SAP systems.
  • research.kudelskisecurity.com: Research Kudelski Security Article on SAP NetWeaver Exploitation
  • Cyber Security News: SAP NetWeaver 0-Day Vulnerability Actively Exploited to Deploy Webshells
  • Caitlin Condon: Rapid7 MDR has observed in-the-wild exploitation of SAP NetWeaver Visual Composer CVE-2025-31324 in customer environments.
  • www.cybersecuritydive.com: Thousands are exposed and potentially vulnerable as researchers warn of widespread exploitation.
  • www.it-daily.net: Security experts have identified a serious security vulnerability in SAP NetWeaver that allows unauthorized access to company systems.
  • securityonline.info: CISA Adds SAP NetWeaver Zero-Day CVE-2025-31324 to KEV Database
  • redcanary.com: Critical vulnerability in SAP NetWeaver enables malicious file uploads
  • www.stormshield.com: Security alert SAP CVE-2025-31324: Stormshield Products Response
  • Rescana: Critical Zero-Day Vulnerability in SAP NetWeaver Visual Composer: CVE-2025-31324 Exploited in Manufacturing Attacks
  • SOC Prime Blog: CVE-2025-31324 Detection: SAP NetWeaver Zero-Day Under Active Exploitation Exposes Critical Systems to Remote Code Execution

@github.com //
A critical Remote Code Execution (RCE) vulnerability, identified as CVE-2025-32434, has been discovered in PyTorch, a widely used open-source machine learning framework. This flaw, detected by security researcher Ji’an Zhou, undermines the safety of the `torch.load()` function, even when configured with `weights_only=True`. This parameter was previously trusted to prevent unsafe deserialization, making the vulnerability particularly concerning for developers who relied on it as a security measure. The discovery challenges long-standing security assumptions within machine learning workflows.

This vulnerability affects PyTorch versions 2.5.1 and earlier and has been assigned a CVSS v4 score of 9.3, indicating a critical security risk. Attackers can exploit the flaw by crafting malicious model files that bypass deserialization restrictions, allowing them to execute arbitrary code on the target system during model loading. The impact is particularly severe in cloud-based AI environments, where compromised models could lead to lateral movement, data breaches, or data exfiltration. As Ji'an Zhou noted, the vulnerability is paradoxical because developers often use `weights_only=True` to mitigate security issues, unaware that it can still lead to RCE.

To address this critical issue, the PyTorch team has released version 2.6.0. Users are strongly advised to immediately update their PyTorch installations. For systems that cannot be updated immediately, the only viable workaround is to avoid using `torch.load()` with `weights_only=True` entirely. Alternative model-loading methods, such as using explicit tensor extraction tools, are recommended until the patch is applied. With proof-of-concept exploits likely to emerge soon, delayed updates risk widespread system compromises.

Recommended read:
References:

@The Hacker News //
CISA has added CVE-2021-20035, a high-severity vulnerability affecting SonicWall SMA100 series appliances, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, an OS command injection vulnerability in the SMA100 management interface, allows remote attackers to execute arbitrary code. The Cybersecurity and Infrastructure Security Agency (CISA) issued the alert on April 16, 2025, based on evidence of active exploitation in the wild. SonicWall originally disclosed the vulnerability in September 2021 and has since updated the advisory to note that it has reportedly been exploited in the wild, revising the summary and the CVSS score, now 7.2.

The vulnerability, tracked as CVE-2021-20035, stems from improper neutralization of special elements in the SMA100 management interface. Specifically, a remote authenticated attacker can inject arbitrary commands as a 'nobody' user, potentially leading to code execution. The affected SonicWall devices include SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v appliances running specific firmware versions.

CISA has mandated that Federal Civilian Executive Branch (FCEB) agencies apply the necessary mitigations by May 7, 2025, to protect their networks from this actively exploited vulnerability. Remediation steps include applying the latest security patches provided by SonicWall to all affected SMA100 appliances and restricting management interface access to trusted networks. CISA strongly advises all organizations, including state, local, tribal, territorial governments, and private sector entities, to prioritize remediation of this cataloged vulnerability to enhance their cybersecurity posture.

Recommended read:
References:
  • chemical-facility-security-news.blogspot.com: CISA Adds SonicWall Vulnerability to KEV Catalog – 4-16-25
  • securityaffairs.com: U.S. CISA adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog
  • The Hacker News: Details on the exploitation of the vulnerability
  • Cyber Security News: CISA Alerts on Exploited SonicWall Command Injection Vulnerability
  • gbhackers.com: CISA Issues Alert on SonicWall Flaw Being Actively Exploited
  • BleepingComputer: On Wednesday, CISA warned federal agencies to secure their SonicWall Secure Mobile Access (SMA) 100 series appliances against attacks exploiting a high-severity remote code execution vulnerability. [...]
  • securityonline.info: CISA Alert: Actively Exploited SonicWall SMA100 Vulnerability
  • The DefendOps Diaries: CISA flags critical SonicWall vulnerabilities: Urgent mitigation required to prevent cyber attacks
  • www.cybersecuritydive.com: Older SonicWall SMA100 vulnerability exploited in the wild
  • Arctic Wolf: Credential Access Campaign Targeting SonicWall SMA Devices Potentially Linked to Exploitation of CVE-2021-20035
  • Help Net Security: Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035)
  • arcticwolf.com: On 15 April 2025, SonicWall published a product notice regarding CVE-2021-20035, a vulnerability impacting SonicWall SMA 100 series appliances.
  • The DefendOps Diaries: Understanding and Mitigating the SonicWall SMA Vulnerability
  • BleepingComputer: A remote code execution vulnerability affecting SonicWall Secure Mobile Access (SMA) appliances has been under active exploitation since at least January 2025, according to cybersecurity company Arctic Wolf.
  • www.scworld.com: Cybersecurity Dive reports that active exploitation of the nearly half a decade-old high-severity SonicWall SMA100 remote-access appliance operating system command injection flaw
  • Help Net Security: CVE-2021-20035, an old vulnerability affecting Sonicwall Secure Mobile Access (SMA) 100 series appliances, is being exploited by attackers.
  • arcticwolf.com: Details the credential access campaign targeting SonicWall SMA devices and its potential link to CVE-2021-20035 exploitation.
  • securityaffairs.com: Attackers exploited SonicWall SMA appliances since January 2025
  • www.bleepingcomputer.com: SonicWall SMA VPN devices targeted in attacks since January