SDxCentral

VU#148244: PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection, which can lead to remote code execution (RCE)

PandasAI, an open source project by SinaptikAI, has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted as code, ...
Bleeping Computer

Unpatched 15-year old Python bug allows code execution in 350k projects

A vulnerability in the Python programming language that has been overlooked for 15 years is now back in the spotlight as it likely affects more than 350,000 open-source repositories and can lead to ...
Bleeping Computer

PyPI removes 'mitmproxy2' over code execution concerns

The PyPI repository has removed a Python package called 'mitmproxy2' that was an identical copy of the official "mitmproxy" library, but with an "artificially introduced" code execution vulnerability.
The Hacker News

Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices

The vulnerability, per security researcher McCaulay Hudson, is rooted in the function "ike2_ProcessPayload_CERT" present in ...
Geeky Gadgets

ChatGPT Canvas Collaborative AI Tool Receives New Updates – 12 Days of OpenAI

On the fourth day of its 12 Days of OpenAI, the team at OpenAI has introduced updates to its Canvas collaborative AI workspace. Designed as part of the ChatGPT platform, Canvas enhances collaboration ...
Hackaday

Reliably Exploiting Apport In Ubuntu

[Donncha O’Cearbhaill] has successfully exploited two flaws in Apport, the crash report mechanism in Ubuntu. Apport is installed by default in all Ubuntu Desktop installations >= 12.10 (Quantal).