[woodrowbarlow]

> what security researchers call a "Pickle Bomb."

is anyone calling it that? to me, "pickle bomb" would imply abusing compression or serialization for a resource-exhaustion attack, a la zipbombs.

"pickle bomb", the way you're using it, doesn't seem like a useful terminology -- pickles are just (potentially malicious) executables.

[lab700xdev]

Fair point on the terminology overlap with "Zip Bombs" (resource exhaustion). I used "Pickle Bomb" colloquially to describe a serialized payload waiting to detonate upon load, similar to how "Logic Bomb" is used in malware. "Malicious Pickle Stream" is definitely the more precise technical term, but it doesn't quite capture the visceral risk of "I loaded this file and my AWS keys are gone" as well as Bomb does!