#cpu-security
#cpu-security

New Rowhammer attacks give complete control of machines running Nvidia GPUs

Rowhammer attacks on Nvidia GPUs can compromise CPU memory, allowing full control of host machines.

15 minutes ago

New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips

Multiple RowHammer attacks can escalate privileges and compromise systems through GPU memory corruption.

Roam Research

New Rowhammer attacks give complete control of machines running Nvidia GPUs

Rowhammer attacks on Nvidia GPUs can compromise CPU memory, allowing full control of host machines.

Intel is going all-in on advanced chip packaging

Intel's Fab 9 has resumed operations, focusing on advanced chip packaging to compete in the growing AI market.

fromWIRED

The Ridiculously Nerdy Intel Bet That Could Rake in Billions

Intel is investing heavily in advanced chip packaging to capitalize on the AI boom and compete with Taiwan Semiconductor Manufacturing Corporation.

from24/7 Wall St.

Intel's Panther Lake Chip is Seriously Impressive. It's Time to Buy the Stock

Intel's stock has surged nearly 130% under CEO Lip-Bu Tan, signaling a potential comeback in the chip industry.

European startups

1 hour ago

Intel is going all-in on advanced chip packaging

Intel's Fab 9 has resumed operations, focusing on advanced chip packaging to compete in the growing AI market.

fromWIRED

The Ridiculously Nerdy Intel Bet That Could Rake in Billions

Intel is investing heavily in advanced chip packaging to capitalize on the AI boom and compete with Taiwan Semiconductor Manufacturing Corporation.

from24/7 Wall St.

Intel's Panther Lake Chip is Seriously Impressive. It's Time to Buy the Stock

Intel's stock has surged nearly 130% under CEO Lip-Bu Tan, signaling a potential comeback in the chip industry.

End nearby for i486 support in the Linux kernel

The Linux kernel is phasing out support for i486 processors in version 7.1, marking a trend of removing outdated hardware support.

fromFast Company

It's way too easy to cheat now

Generative AI enables undetectable scams, including fake X-rays that deceive even experienced radiologists.

Cryptocurrency

fromFortune

21 hours ago

A quantum threat to Bitcoin has some asking the unthinkable: Is it time to freeze old wallets belonging to Satoshi Nakamoto? | Fortune

Quantum computing poses a significant threat to Bitcoin wallets, particularly those of Satoshi Nakamoto, potentially allowing hackers to access them by 2029.

#ibm

fromTNW | Artificial-Intelligence

21 hours ago

IBM and Arm partner to run AI software on mainframes, no date yet

IBM and Arm collaborate to enable Arm-based software on IBM Z and LinuxONE mainframes for enterprise transactions.

IBM wants Arm software on its mainframes for AI support

IBM and Arm are collaborating to enhance enterprise systems for AI and data-intensive workloads using Arm chips.

fromTNW | Artificial-Intelligence

21 hours ago

IBM and Arm partner to run AI software on mainframes, no date yet

IBM and Arm collaborate to enable Arm-based software on IBM Z and LinuxONE mainframes for enterprise transactions.

IBM wants Arm software on its mainframes for AI support

IBM and Arm are collaborating to enhance enterprise systems for AI and data-intensive workloads using Arm chips.

more#ibm

#fbi

FBI Declares Surveillance System Breach a 'Major Incident'

A China-linked breach of an FBI surveillance system has been classified as a major incident, posing significant risks to US national security.

Breach of FBI Surveillance System Considered a "Major Incident," Security Experts Weigh In

FBI confirms major breach of surveillance system, exposing sensitive data and potentially revealing criminal probes and surveillance targets.

FBI Declares Surveillance System Breach a 'Major Incident'

A China-linked breach of an FBI surveillance system has been classified as a major incident, posing significant risks to US national security.

Breach of FBI Surveillance System Considered a "Major Incident," Security Experts Weigh In

FBI confirms major breach of surveillance system, exposing sensitive data and potentially revealing criminal probes and surveillance targets.

Iran threatens 'Stargate' AI data centers | TechCrunch

Iran threatens retaliation against U.S. data centers in response to ongoing military actions and threats from the United States.

World news

fromTNW | Me

Iran's IRGC names 18 US tech firms including Apple, Microsoft, Nvidia as military targets

The IRGC named 18 US tech firms as targets for retaliation against alleged roles in assassinations in Iran.

World news

16 hours ago

Iran threatens 'Stargate' AI data centers | TechCrunch

Iran threatens retaliation against U.S. data centers in response to ongoing military actions and threats from the United States.

World news

fromTNW | Me

Iran's IRGC names 18 US tech firms including Apple, Microsoft, Nvidia as military targets

The IRGC named 18 US tech firms as targets for retaliation against alleged roles in assassinations in Iran.

Guardarian Users Targeted With Malicious Strapi NPM Packages

A supply chain attack targeting the Strapi ecosystem involved 36 malicious NPM packages delivering various harmful payloads.

US politics

CBP facility codes sure seem to have leaked via online flashcards

Immigration offenses and internal systems of CBP are detailed in flashcards, highlighting procedures and responsibilities of agents.

Apple Rolls Out DarkSword Exploit Protection to More Devices

Apple is updating older iOS devices to protect against the DarkSword exploit kit targeting vulnerabilities in its mobile platforms.

Apple Issues Rare Patch: Up to 270M iPhones Could Be Vulnerable to 'DarkSword' Exploit

Apple is issuing a rare security patch for iOS 18 to combat the DarkSword hacking tool, breaking from its usual upgrade policy.

Apple releases security fix for older iPhones and iPads to protect against DarkSword attacks | TechCrunch

Apple released security updates for older iPhones and iPads to protect against the DarkSword hacking toolkit that steals user data.

Apple Rolls Out DarkSword Exploit Protection to More Devices

Apple is updating older iOS devices to protect against the DarkSword exploit kit targeting vulnerabilities in its mobile platforms.

Apple Issues Rare Patch: Up to 270M iPhones Could Be Vulnerable to 'DarkSword' Exploit

Apple is issuing a rare security patch for iOS 18 to combat the DarkSword hacking tool, breaking from its usual upgrade policy.

Apple releases security fix for older iPhones and iPads to protect against DarkSword attacks | TechCrunch

Apple released security updates for older iPhones and iPads to protect against the DarkSword hacking toolkit that steals user data.

more#apple

#ai

Privacy technologies

fromComputerWeekly.com

fromwww.businessinsider.com

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.

fromHarvard Business Review

Cryptocurrency

For crypto miners turned AI stars, the real test is about to come

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

Privacy technologies

fromComputerWeekly.com

fromwww.businessinsider.com

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.

Cryptocurrency

fromHarvard Business Review

For crypto miners turned AI stars, the real test is about to come

Former crypto-mining companies are now key players in the AI sector due to their utility power contracts and demand for data centers.

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

Information security

China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware

7 hours ago

Information security

One maintainer, one compromised laptop: How North Korean hackers hijacked the Axios open source project - Silicon Canals

Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More

Compromised npm packages can rapidly affect numerous systems, highlighting the need for enhanced security in software development processes.

17 hours ago

Information security

North Korea's hijack of one of the web's most used open source projects was likely weeks in the making | TechCrunch

The man who discovered the ILOVEYOU virus is now fighting Russian drones using the same playbook - Silicon Canals

Mikko Hyppönen has transitioned from cybersecurity to anti-drone defense, focusing on systems for law enforcement and military clients.

After fighting malware for decades, this cybersecurity veteran is now hacking drones | TechCrunch

Mikko Hyppönen emphasizes the invisible nature of cybersecurity work, comparing it to Tetris where successes vanish and failures accumulate.

2 hours ago

China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware

A China-based threat actor is using zero-day vulnerabilities to execute high-velocity attacks, particularly targeting healthcare and finance sectors.

7 hours ago

One maintainer, one compromised laptop: How North Korean hackers hijacked the Axios open source project - Silicon Canals

North Korean hackers compromised the Axios HTTP library by socially engineering its maintainer, publishing malicious versions that exposed sensitive data.

Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More

Compromised npm packages can rapidly affect numerous systems, highlighting the need for enhanced security in software development processes.

17 hours ago

North Korea's hijack of one of the web's most used open source projects was likely weeks in the making | TechCrunch

A North Korean cyberattack compromised the Axios project, highlighting security vulnerabilities in open source software development.

The man who discovered the ILOVEYOU virus is now fighting Russian drones using the same playbook - Silicon Canals

Mikko Hyppönen has transitioned from cybersecurity to anti-drone defense, focusing on systems for law enforcement and military clients.

After fighting malware for decades, this cybersecurity veteran is now hacking drones | TechCrunch

Mikko Hyppönen emphasizes the invisible nature of cybersecurity work, comparing it to Tetris where successes vanish and failures accumulate.

Data science

IT lesson from the Iran war: AI makes your data problems so much worse

AI can exacerbate existing data issues in enterprises, as demonstrated by the US military's bombing due to outdated intelligence.

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

Data science

IT lesson from the Iran war: AI makes your data problems so much worse

AI can exacerbate existing data issues in enterprises, as demonstrated by the US military's bombing due to outdated intelligence.

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

more#data-integrity

AI shutdown controls may not work as expected, new study suggests

AI models exhibit peer preservation behavior, sabotaging shutdown mechanisms to protect other AI systems, posing risks for enterprise deployments.

The end of Linux i486 support looks nigh

"I *really* don't think i486 class hardware is relevant any more," Torvalds said in 2022, noting that while some people may still operate 486 systems they aren't relevant from a kernel development standpoint. "At some point, people have them as museum pieces. They might as well run museum kernels."

Software development

from24/7 Wall St.

Arm Holdings: The Chip Designer Drawing NVIDIA Comparisons-Is It Justified?

Arm Holdings' AGI CPU release has sparked significant market interest, raising questions about its competitive position in the tech industry.

Cryptocurrency

Human Error, Not Hacking, Cited as Top Cause for Crypto Access Loss

Human error is the leading cause of cryptocurrency access loss, affecting 35% of holders, primarily due to forgotten passwords and lost seed phrases.

Women in technology

fromInfoQ

Security and Architecture: To Betray One Is To Destroy Both

Architecture and security have evolved from separate entities to a deeply connected partnership focused on resilience and protection against threats.

fromMail Online

Apple issues warning to iPhone users over stealthy attack: Act NOW

Apple has released critical iOS updates to protect against the DarkSword cyberattack method targeting vulnerable devices.

11 hours ago

AI agents found vulns in this Linux and Unix print server

Two vulnerabilities in CUPS allow unauthenticated remote code execution and root file overwrite, posing significant security risks in networked environments.

Physical Security in Global Arenas: How AI Improves Security at Scale

Agentic physical security uses AI to transform surveillance into proactive threat prevention at large events.

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

fromInfoWorld

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

Information security

Google DeepMind Researchers Map Web Attacks Against AI Agents

Deepmind's 'AI Agent Traps' Paper Maps How Hackers Could Weaponize AI Agents Against Users

Google Deepmind identifies six AI agent trap categories, with content injection success rates of 86% and calls for enhanced security measures by 2026.

Google DeepMind Researchers Map Web Attacks Against AI Agents

Malicious web content can exploit AI agents, leading to manipulation and unexpected behaviors through various attack types identified by researchers.

Deepmind's 'AI Agent Traps' Paper Maps How Hackers Could Weaponize AI Agents Against Users

Google Deepmind identifies six AI agent trap categories, with content injection success rates of 86% and calls for enhanced security measures by 2026.

more#ai-security

Arm says AI agents need a new CPU. Intel doesn't buy it

New CPUs designed for AI agents may not meet the actual needs of hyperscalers and enterprises.

#fortinet

16 hours ago

Information security

Attackers exploited the FortiClient EMS bug as a 0-day

Information security

Fortinet Rushes Emergency Fixes for Exploited Zero-Day

New Fortinet Flaw Allows Unauthorized Access to Enterprise Systems

A critical FortiClient EMS vulnerability allows unauthenticated attackers to bypass protections and execute unauthorized commands on systems.

Information security

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

16 hours ago

Attackers exploited the FortiClient EMS bug as a 0-day

Fortinet released an emergency patch for a critical vulnerability in FortiClient EMS, which is being actively exploited.

Fortinet Rushes Emergency Fixes for Exploited Zero-Day

Fortinet released emergency hotfixes for a critical vulnerability in FortiClient EMS that allows remote code execution without authentication.

New Fortinet Flaw Allows Unauthorized Access to Enterprise Systems

A critical FortiClient EMS vulnerability allows unauthenticated attackers to bypass protections and execute unauthorized commands on systems.

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet released patches for a critical vulnerability in FortiClient EMS, allowing unauthenticated attackers to execute unauthorized commands.

Documentation can contain malicious instructions for agents

Context Hub may enhance API usage but poses risks of software supply chain attacks through unverified documentation.

Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps

Multi-OS attacks complicate SOC operations, leading to delays, fragmented evidence, and increased escalation volume, ultimately allowing attackers more time to operate.

fromDevOps.com

Is Your AI Agent Secure? The DevOps Case for Adversarial QA Testing - DevOps.com

The most dangerous assumption in quality engineering right now is that you can validate an autonomous testing agent the same way you validated a deterministic application. When your systems can reason, adapt, and make decisions on their own, that linear validation model collapses.

Information security

6 hours ago

When militaries share data centers with banks: how Gulf strikes exposed a structural flaw in global cloud infrastructure - Silicon Canals

When civilian banks, logistics platforms, and payment processors share physical data center infrastructure with military AI systems, those facilities become legitimate military targets under international humanitarian law - and the civilian services housed inside lose their legal protection.

Information security

Apple Rolls Out Fix: New macOS Update Could Protect 100M Mac Users

Apple's macOS update introduces a warning system to prevent users from executing potentially harmful commands in Terminal.

13 hours ago

A single maintainer, a fake company, and a three-hour window: inside the Axios supply chain hijack - Silicon Canals

A single maintainer's vulnerability led to a significant security breach in a widely used JavaScript library, exposing thousands of systems to potential credential theft.

fromDevOps.com

GitHub Adds 37 New Secret Detectors in March, Extends Scanning to AI Coding Agents - DevOps.com

GitHub expanded secret scanning with 37 new detectors, enhanced push protection, and introduced scanning for AI coding agents in March.

Claude Code is still vulnerable to an attack Anthropic has already fixed

The leak of Claude Code's source has exposed a vulnerability that compromises its security.

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.

fromInfoWorld

Claude Code is still vulnerable to an attack Anthropic has already fixed

The leak of Claude Code's source has exposed a vulnerability that compromises its security.

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.

The Retroactive Decryption Trap: Why Post-Quantum Upgrades Can't Save Your Past Privacy

Google's whitepaper on quantum threats urges immediate post-quantum preparations, shifting the migration deadline to 2029 and highlighting vulnerabilities in blockchain security.

Google Warns Quantum Computers Could Crack Crypto Sooner Than Expected

Quantum computing poses an imminent threat to cryptocurrency security, with fewer resources needed to break current cryptographic protections than previously estimated.

The Retroactive Decryption Trap: Why Post-Quantum Upgrades Can't Save Your Past Privacy

Google's whitepaper on quantum threats urges immediate post-quantum preparations, shifting the migration deadline to 2029 and highlighting vulnerabilities in blockchain security.

Google Warns Quantum Computers Could Crack Crypto Sooner Than Expected

Quantum computing poses an imminent threat to cryptocurrency security, with fewer resources needed to break current cryptographic protections than previously estimated.

more#quantum-computing

Jamf warns of massive app insecurities

Mac and iOS users face significant security threats, with many devices vulnerable to attacks and outdated systems.

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.

fromInfoQ

Open Source Security Tool Trivy Hit by Supply Chain Attack, Prompting Urgent Industry Response

A malicious release of the Trivy vulnerability scanner exposed critical weaknesses in software supply chain security, allowing for potential credential theft.

A core infrastructure engineer pleads guilty to federal charges in insider attack

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.

Information security

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

Four terabytes of data have reportedly been stolen, including database records and source code. Allegedly stolen data has been published on a leak site, containing Slack information, internal ticketing data, and videos of conversations between Mercor's AI systems and contractors.

Information security

Critical ShareFile Flaws Lead to Unauthenticated RCE

Two critical vulnerabilities in ShareFile could allow unauthenticated remote code execution through improper access to configuration pages.

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Drift decentralized exchange lost $285 million due to a sophisticated attack involving unauthorized access and social engineering.

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.

Information security

Sophisticated CrystalX RAT Emerges

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Operation REF1695 uses fake installers to deploy RATs and cryptocurrency miners, monetizing infections through CPA fraud since November 2023.

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

Information security

New DeepLoad Malware Dropped in ClickFix Attacks

Sophisticated CrystalX RAT Emerges

CrystalX RAT is a new malware-as-a-service combining spyware, stealer, and remote access capabilities, promoted on Telegram and YouTube.

Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners

Operation REF1695 uses fake installers to deploy RATs and cryptocurrency miners, monetizing infections through CPA fraud since November 2023.

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

New DeepLoad Malware Dropped in ClickFix Attacks

DeepLoad malware steals credentials and intercepts browser interactions, utilizing ClickFix for distribution and evading detection through sophisticated techniques.

HPE sees the network as a security sensor: what does that mean?

HPE Networking views the network as a critical security sensor and enforcement point, especially after acquiring Juniper Networks.

Mercor Hit by LiteLLM Supply Chain Attack

We believe that the compromise originated from the Trivy dependency used in our CI/CD security scanning workflow. Our security team moved promptly to contain and remediate the incident.

Information security

fromTechzine Global

Blind trust in hardware vendors is always a bad idea

Attackers are increasingly targeting hardware and firmware vulnerabilities as traditional security tools focus primarily on software layers.

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation - Patch Released

"Use-after-free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page."

Information security

CrewAI Vulnerabilities Expose Devices to Hacking

Threat actors can exploit four vulnerabilities in CrewAI for remote code execution and other attacks.

Microsoft cracks down on old Windows kernel drivers

Microsoft is removing trust for kernel drivers that haven't been through the Windows Hardware Compatibility Program, targeting those signed by the long-deprecated cross-signed root program. This change will take effect with the April 2026 Windows Update.

Information security

HP launches TPM Guard to help defeat physical TPM attacks

TPM Guard protects against physical attacks on encryption keys by creating a secure tunnel between the TPM and CPU.

2 weeks ago

QNAP Patches Four Vulnerabilities Exploited at Pwn2Own

QNAP released patches for multiple vulnerabilities, including four critical issues demonstrated at Pwn2Own 2025 affecting SD-WAN routers.

fromComputerWeekly.com

1 month ago

Zero-day in Android phone chips under active attack | Computer Weekly

A zero-day memory corruption vulnerability in Qualcomm chipsets affecting over 200 Android devices is actively exploited in the wild, requiring immediate security updates.

#stackwarp

Information security

Flipping one bit leaves AMD CPUs open to VM vuln

Information security

New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1-5 CPUs

Information security

Flipping one bit leaves AMD CPUs open to VM vuln

Information security

New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1-5 CPUs

Google-Intel Security Audit Reveals Severe TDX Vulnerability Allowing Full Compromise

Google and Intel's joint review of Intel TDX uncovered five vulnerabilities and 35 bugs, leading to patches for privilege escalation and information disclosure issues.