#linux

## Summary Keras's `keras.utils.get_file()` function is vulnerable to directory traversal attacks despite implementing `filter_safe_paths()`. The vulnerability exists because `extract_archive()` uses Python's `tarfile.extractall()` method without the security-critical `filter="data"` parameter. A PATH_MAX symlink resolution bug occurs before path filtering, allowing malicious tar archives to bypass security checks and write files outside the intended extraction directory. ## Details ### Root Cause Analysis **Current Keras Implementation** ```python # From keras/src/utils/file_utils.py#L121 if zipfile.is_zipfile(file_path): # Zip archive. archive.extractall(path) else: # Tar archive, perhaps unsafe. Filter paths. archive.extractall(path, members=filter_safe_paths(archive)) ``` ### The Critical Flaw While Keras attempts to filter unsafe paths using `filter_safe_paths()`, this filtering happens after the tar archive members are parsed and before actual extraction. Ho...

Confidential computing is needed to protect sensitive data not only when it is stored or transmitted, but also while it is actively being processed in memory - traditionally the most vulnerable phase. In this article, I demonstrate how to implement a secure runtime environment using AWS Nitro Enclaves for applications on EC2 instances running Red Hat Enterprise Linux 9.6+ (RHEL).To fully understand the concepts, use cases, and justifications for confidential computing, read our previous articles. The hardware used to provide secure communication and certification is based on AWS Nitro architec

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include a security flaw impacting OpenPLC ScadaBR, citing evidence of active exploitation. The vulnerability in question is CVE-2021-26829 (CVSS score: 5.4), a cross-site scripting (XSS) flaw that affects Windows and Linux versions of the software via

Alisa Viejo, CA, USA, 27th November 2025, CyberNewsWire

# Summary Developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. Due to the longstanding [decision](https://docs.ray.io/en/releases-2.51.1/ray-security/index.html) by the Ray Development team to not implement any sort of authentication on critical endpoints, like the `/api/jobs` & `/api/job_agent/jobs/` has once again led to a severe vulnerability that allows attackers to execute arbitrary code against Ray. This time in a development context via the browsers Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense uses the `User-Agent` header starting with the string "Mozilla" as a defense mechanism. This defense is insufficient as the fetch specification allows the `User-Agent` header to be modified. Combined with a DNS rebinding attack against the browser, and this vulnerability is exploitable against a developer running Ray who ina...

AI security firm AISLE revealed CVE-2025-13016, a critical Firefox Wasm bug that risked 180M users for six months. Learn how the memory flaw allowed code execution.

In this October roundup, we cut through the noise to focus on the essential technical blueprints and policy foundations required to succeed. These articles, from key platform updates and critical security integrations to the future of open source legality, represent the core strategic reading for Q4. We highlight how Red Hat Ansible Automation Platform 2.6 streamlines operations, how Red Hat AI 3 and its intelligent control plane transform GPU infrastructure, and how our strategic partnership with NVIDIA simplifies the AI software stack. This is the quarter for planning that prepares your orga

New research shows that "modded Amazon Fire TV Sticks" and piracy apps often lead to scams, stolen data, and financial loss.

The China-linked advanced persistent threat (APT) group known as APT31 has been attributed to cyber attacks targeting the Russian information technology (IT) sector between 2024 and 2025 while staying undetected for extended periods of time. "In the period from 2024 to 2025, the Russian IT sector, especially companies working as contractors and integrators of solutions for government agencies,

## Summary Heap buffer overflow in `mlx::core::load()` when parsing malicious NumPy `.npy` files. Attacker-controlled file causes 13-byte out-of-bounds read, leading to crash or information disclosure. Environment: - OS: Ubuntu 20.04.6 LTS - Compiler: Clang 19.1.7 ## Vulnerability The parser reads a 118-byte header from the file, but line 268 uses `std::string(&buffer[0])` which stops at the first null byte, creating a 20-byte string instead. Then line 276 tries to read `header[34]` without checking the length first, reading 13 bytes past the allocation. **Location**: `mlx/io/load.cpp:268,276` **Bug #1** (line 268): ```cpp std::string header(&buffer[0]); // stops at first null byte ``` **Bug #2** (line 276): ```cpp bool col_contiguous = header[34] == 'T'; // No bounds check ``` ## Possible Fix ```cpp // Line 268 std::string header(&buffer[0], header_len); // Line 276 if (header.length() < 35) throw std::runtime_error("Malformed header"); ``` ## PoC ```bash pip install mlx...