Praetorian cybersecurity researchers have found a vulnerability in open-source machine learning platform TensorFlow that could allow an attacker to compromise its software supply chain. The flaw is due to CI/CD misconfigurations and could lead to a supply chain attack on TensorFlow releases by compromising TensorFlow’s build agents through a malicious pull request. The researchers reported the vulnerability to Google, who acknowledged it as a critical supply chain compromise vulnerability.
Cyber professionals are losing sleep over late night attacks
Hackers are biding their time and launching attacks when businesses can’t respond
