Picklescan
-
eScan update servers used to deliver persistent downloader in supply chain attack
Unknown attackers distributed a malicious eScan update on January 20, 2026 that replaced reload.exe and deployed a downloader. The vendor isolated servers for over eight hours and published a patch to revert the changes.
-
eScan update server breached to deliver malicious update on January 20, 2026
An eScan update server was breached on January 20, 2026 and pushed a malicious update to a subset of customers. Morphisec’s security bulletin details the modified updater and final backdoor payload.
-
Three critical bugs in Picklescan could let malicious PyTorch models execute code, researchers say
Researchers disclosed three high-severity vulnerabilities in Picklescan that can be abused to bypass scanning and execute arbitrary code when loading malicious PyTorch models; fixes were released in Picklescan 0.0.31 and related analysis is available from JFrog, SecDim and others.



