writeups.xyz / Shir Tamari (@Shirtamari)

Title Vulnerabilities Programs Authors
SAPwned: SAP AI vulnerabilities expose customers’ cloud environments and private AI artifacts
The risk in malicious AI models: Wiz Research discovers critical vulnerability in AI-as-a-Service provider, Replicate
Wiz Research finds architecture risks that may compromise AI-as-a-Service providers and consequently risk customer data; works with Hugging Face on mitigations
GameOver(lay): Easy-to-exploit local privilege escalation vulnerabilities in Ubuntu Linux affect 40% of Ubuntu cloud workloads
#BrokenSesame: Accidental ‘write’ permissions to private registry allowed potential RCE to Alibaba Cloud Database Services
Hell’s Keychain: Supply-chain vulnerability in IBM Cloud Databases for PostgreSQL allows potential for unauthorized database access
The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors
Wiz Research discovers "ExtraReplica"— a cross-account database vulnerability in Azure PostgreSQL