SDxCentral

VU#148244: PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection, which can lead to remote code execution (RCE)

PandasAI, an open source project by SinaptikAI, has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted as code, ...

CISA Flags Linux Copy Fail Flaw On Watch List, Crypto Infra At Risk

CISA Flags Linux Copy Fail Flaw On Watch List, Crypto Infra At Risk. A new Linux vulnerability dubbed“Copy Fail” could impact ...
Geeky Gadgets

Anaconda Code add-in for Microsoft Excel

Anaconda a prominent provider of data science, machine learning, and AI solutions, has announced the public beta release of Anaconda Code within its Anaconda Toolbox for Excel. This new feature allows ...
Bleeping Computer

PyPI removes 'mitmproxy2' over code execution concerns

The PyPI repository has removed a Python package called 'mitmproxy2' that was an identical copy of the official "mitmproxy" library, but with an "artificially introduced" code execution vulnerability.

YubiKey Manager: Security vulnerability allows execution of injected code

Yubico warns of a search path vulnerability in YubiKey Manager, libfido2 and python-fido2. Updates fix the bugs.
Bleeping Computer

WhatsApp for Windows lets Python, PHP scripts execute with no warning

A security issue in the latest version of WhatsApp for Windows allows sending Python and PHP attachments that are executed without any warning when the recipient opens them. For the attack to be ...