Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks - The Hacker News
Critical remote code execution vulnerabilities have been discovered across major AI inference engines, including those from Meta, Nvidia, and Microsoft, stemming from the unsafe use of ZeroMQ (ZMQ) and Python's pickle deserialization. This "ShadowMQ" pattern allows attackers to execute arbitrary code, escalate privileges, and steal models by exploiting unauthenticated ZMQ TCP sockets.
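As an added example (not from the original report or from any affected project), the following static check flags the pattern described above in Python source: pyzmq's `recv_pyobj()`, which unpickles whatever arrives on the socket, direct `pickle.load`/`pickle.loads` calls, and ZeroMQ sockets bound to all interfaces over TCP. The sample source, the rule names and the `scan` helper are constructed for illustration, and the check is a heuristic for code review, not a complete audit.

```python
import ast

# Constructed sample: a worker that reproduces the pattern described above.
SAMPLE_SOURCE = '''
import pickle
import zmq

ctx = zmq.Context()
sock = ctx.socket(zmq.PULL)
sock.bind("tcp://*:5555")          # listens on every interface
task = sock.recv_pyobj()            # pyzmq unpickles the received bytes
meta = pickle.loads(sock.recv())    # same risk, written out by hand
local = ctx.socket(zmq.PULL)
local.bind("ipc:///tmp/worker.sock")
msg = local.recv_json()
'''

# Endpoint prefixes that expose a socket on all network interfaces.
WILDCARD_PREFIXES = ("tcp://*", "tcp://0.0.0.0", "tcp://[::]")


def scan(source):
    """Return sorted (line, rule) findings for method-style calls in source.

    Limitation: names imported with 'from pickle import loads' and endpoints
    built at runtime are not resolved.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        attr, owner = node.func.attr, node.func.value
        arg = node.args[0] if node.args else None
        if attr == "recv_pyobj":
            findings.append((node.lineno, "pickle-over-zmq"))
        elif attr in ("load", "loads") and isinstance(owner, ast.Name) and owner.id == "pickle":
            findings.append((node.lineno, "pickle-deserialize"))
        elif (attr == "bind" and isinstance(arg, ast.Constant)
              and isinstance(arg.value, str) and arg.value.startswith(WILDCARD_PREFIXES)):
            findings.append((node.lineno, "zmq-bind-all-interfaces"))
    return sorted(findings)


if __name__ == "__main__":
    for line, rule in scan(SAMPLE_SOURCE):
        print(f"line {line}: {rule}")
```

Findings on a network-reachable socket are the ones to fix first, typically by switching to a data-only format such as JSON and restricting or authenticating the endpoint.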