A critical vulnerability in Google Cloud Platform, named “ConfusedComposer,” allowed attackers to escalate privileges to sensitive resources via Google Cloud Composer, a workflow orchestration service. By maliciously injecting PyPI packages, attackers could gain control of a highly privileged service account. Google has patched the issue, restructuring package handling to enhance security across GCP environments.
Financial malware on the rise as espionage attacks decline
Research by security firm Mandiant indicates an increase in financially motivated malware attacks, with actors increasingly targeting unsecured data and stolen credentials for profit. The
