GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages

Updated on April 22, 2025

Cybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform (GCP) that could have enabled an attacker to elevate their privileges in the Cloud Composer workflow orchestration service that’s based on Apache Airflow.
“This vulnerability lets attackers with edit permissions in Cloud Composer to escalate their access to the default Cloud Build service account, which…

Read the rest of the story at Read More

Source: The Hacker News

April 14, 2025 Uncategorized

Pakistan-Linked Hackers Expand Targets i...

October 28, 2024 Uncategorized

Researchers Uncover OS Downgrade Vulnera...

August 14, 2024 Uncategorized

GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages

Related posts

Pakistan-Linked Hackers Expand Targets i...

Researchers Uncover OS Downgrade Vulnera...

China-Backed Earth Baku Expands Cyber At...

Leave a Comment Cancel reply

Recent News

Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi

Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed

⚡ Weekly Recap: Nation-State Hacks, Spyware Alerts, Deepfake Malware, Supply Chain Backdoors

Perfection is a Myth. Leverage Isn’t: How Small Teams Can Secure Their Google Workspace

Golden Chickens Deploy TerraStealerV2 to Steal Browser Credentials and Crypto Wallet Data

Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack

Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware

U.S. Charges Yemeni Hacker Behind Black Kingdom Ransomware Targeting 1,500 Systems

TikTok Slammed With €530 Million GDPR Fine for Sending E.U. Data to China

How to Automate CVE and Vulnerability Advisory Response with Tines