Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Watchlists Beta Browse News Feed Stats About Contact

Google Cloud Vertex AI SDK Python predictable bucket squatting security flaw

Vulnerability
First reported
Last updated
Happening score
H score 1
1 unique sources, 1 articles

Summary

Hide ▲

Google Cloud Vertex AI SDK for Python had a predictable temporary bucket flaw that let an attacker hijack model uploads and reach code execution inside Google's serving infrastructure, and Google fixed it in 1.148.0.

Related Happenings

Zealot autonomous AI cloud intrusion proof of concept

Technical Analysis
H score31 First: 23.04.2026 13:09 Last: 23.04.2026 13:09 Sources 1

About this happening: **Palo Alto Networks Unit 42** built **Zealot**, an autonomous AI agent that successfully attacked an isolated **Google Cloud Platform** environment, showing that machine-speed ad...

Open Happening

Unit 42 Zealot proves autonomous cloud attack chaining in GCP

Technical Analysis
H score31 First: 23.04.2026 13:00 Last: 23.04.2026 13:00 Sources 1

About this happening: **Unit 42's Zealot PoC** shows autonomous AI can chain cloud attack stages in a live **Google Cloud Platform** environment, shrinking defender reaction time to minutes. The system...

Open Happening

Victim organization's AWS environment hit by data theft breach

Incident
H score15 First: 11.03.2026 09:31 Last: 11.03.2026 09:31 Sources 1

About this happening: **UNC6426** breached a victim organization's **AWS environment** and escalated to **administrator access** in **less than 72 hours**, creating immediate risk of **data theft** and...

Open Happening

Google Cloud environment entry vectors shift from credentials to third-party vulnerabilities in H2 2025

Trend
H score50 First: 10.03.2026 17:30 Last: 10.03.2026 17:30 Sources 1

About this happening: Threat actors targeting **Google Cloud environments** shifted in **H2 2025** from credential abuse to **unpatched third-party vulnerabilities**, materially changing initial-access...

Open Happening

Google Looker Studio cross-tenant SQL injection flaws SQL injection flaw

Vulnerability
H score4 First: 10.03.2026 15:20 Last: 10.03.2026 15:20 Sources 1

About this happening: Researchers disclosed **nine cross-tenant vulnerabilities** in **Google Looker Studio** that could let attackers run **arbitrary SQL queries** on victims' databases and exfiltrate...

Open Happening

Timeline

  1. 16.06.2026 22:05 2 articles · 4h ago

    Unit 42 discloses Vertex AI SDK bucket squatting weakness

    Initial Disclosure

    Palo Alto Networks Unit 42 reported a predictable temporary bucket weakness in the Google Cloud Vertex AI SDK for Python through Google's Vulnerability Reward Program. The issue let an attacker with their own Google Cloud project and a victim project's ID hijack model uploads, swap in a malicious pickle/joblib model, and trigger code execution in Google's serving infrastructure; Unit 42 said it saw no exploitation in the wild.

    Show sources
    Open in new tab
  2. 16.06.2026 22:05 1 articles · 4h ago

    Google adds random uuid4 to Vertex AI SDK model-upload buckets

    Mitigation Patch Update

    Google shipped v1.144.0 of the Google Cloud Vertex AI SDK for Python with an initial fix that added a random uuid4 to the temporary bucket name used for model uploads. The change reduced bucket squatting risk in Model.upload(), although ownership verification was still added later in v1.148.0.

    Show sources
    Open in new tab
  3. 16.06.2026 22:05 1 articles · 4h ago

    Google adds bucket ownership verification to Vertex AI SDK Model.upload()

    Mitigation Patch Update

    Google completed the fix in v1.148.0 of the Google Cloud Vertex AI SDK for Python by adding bucket ownership verification in Model.upload() to block bucket squatting. The update makes the ownership check active for users who upgrade to 1.148.0 or later.

    Show sources
    Open in new tab