// Google CloudCRITICAL
A critical vulnerability in Google Cloud Vertex AI's Python SDK (google-cloud-aiplatform) dubbed 'Pickle in the Middle' enables attackers to hijack machine learning model uploads and achieve cross-tenant remote code execution. The flaw combines predictable bucket naming, bucket squatting, and unsafe deserialization to allow attackers to poison ML artifacts before deployment. Exploitation leads to service account token theft and access to sensitive cloud resources. Google patched the issue in SDK versions 1.144.0 and 1.148.0; users should upgrade immediately and specify explicit staging buckets.
// Get alerts for Google Cloud