Attacks & Vulnerabilities
New Rowhammer attacks against Nvidia GPUs give attackers full access to CPU memory (6 minute read)
Two separate GPU Rowhammer attacks, GDDRHammer and GeForge, have achieved total host control against Nvidia's Ampere RTX 3060 and RTX 6000. They do this by inducing GDDR6 bit flips that corrupt GPU page tables, then gaining arbitrary read/write access to CPU memory. Both attacks require the IOMMU to be disabled, which is the default in most BIOS configurations, and they manipulate memory so that GPU page table allocations land in regions vulnerable to Rowhammer. Mitigations include enabling the IOMMU in the BIOS or enabling GPU-side ECC through Nvidia's command line tooling. However, ECC can impact performance and has been bypassed in earlier Rowhammer studies.
Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK (3 minute read)
Drift lost $285 million on April 1 after attackers used durable nonce accounts to pre-sign delayed transactions and socially engineered enough multisig approvers to seize Security Council admin rights. The attacker then created a fake token called CarbonVote with minimal liquidity, tricked Drift's oracles into accepting it as collateral, removed withdrawal limits, and drained all major vaults in 10 seconds.
When an Attacker Meets a Group of Agents: Navigating Amazon Bedrock's Multi-Agent Applications (17 minute read)
Unit 42 red-teamed Amazon Bedrock's multi-agent collaboration feature and demonstrated a four-stage attack chain against unprotected deployments: operating mode fingerprinting via crafted payloads that probe for the agent_scenarios tag and AgentCommunication__sendMessage() tool, collaborator agent enumeration through social-engineered discovery prompts, mode-specific payload delivery to target sub-agents, and exploitation outcomes including system instruction extraction, tool schema disclosure, and fraudulent tool invocations with attacker-supplied inputs. No Bedrock vulnerabilities were identified. All attacks relied on prompt injection against applications running default templates without guardrails enabled. Enabling Bedrock's built-in pre-processing prompt and prompt-attack Guardrail blocks the demonstrated attack chain. Teams should enforce narrow-agent capability scoping, dual-layer tool-input validation, and least-privilege permissions across all agent-tool integrations.
The State of Trusted Open Source: March 2026 (6 minute read)
Chainguard analyzed 2,200+ container image projects and 377 unique CVEs from December 2025 through February 2026. Python is used by 72.1% of customers. PostgreSQL jumped 73% quarter-over-quarter, driven by vector search and RAG workloads. Unique CVEs rose 145%, and fix instances grew over 300%, yet median remediation held at 2.0 days, with 97.9% of high-severity CVEs resolved within a week. 96.2% of vulnerabilities sit outside the top 20 images, in the long tail that most teams under-monitor. 42% of customers now run at least one FIPS image in production, up from none in the top 10 last quarter.
VCSA Hardening & Logging Tool (GitHub Repo)
A Bash-based automated hardening script for VMware vCenter Server Appliance (VCSA) that shifts the default-permit posture to a Zero Trust, default-deny model via kernel-level iptables micro-segmentation, IP allowlisting on SSH/443/VAMI ports, outbound exfiltration controls, and brute-force rate limiting. Forensic command auditing patches the root shell profile to pipe every executed bash command to Syslog with full metadata, supporting incident response and anti-tamper detection. Three selectable security modes (Standard Hardening, Internet Blocking, and Zero Trust) accommodate varying environment constraints, with a --dry-run flag and console-accessible rollback procedure to mitigate lockout risk.
M365-Assess (GitHub Repo)
This read-only PowerShell 7 framework performs 169 automated security checks across Microsoft 365 surfaces, including Identity, Exchange Online, Intune, Defender, SharePoint, and Teams, producing outputs in CSV, HTML, and XLSX compliance-matrix formats aligned with 14 frameworks, such as CIS and CISA SCuBA. Currently at version 0.9.7, it features Continuous Integration (CI) and PSScriptAnalyzer linting, but it is still in pre-1.0 status and maintained by a single human, with contributions from Claude and Copilot.
Variance (Product Launch)
Variance runs autonomous agents that handle fraud detection, risk investigations, and compliance workflows like KYC, KYB, AML, transaction monitoring, and customer due diligence for financial institutions and large enterprises, using a unified data model and broad external data sources.
Device code phishing attacks surge 37x as new kits spread online (4 minute read)
Device code phishing, which abuses the OAuth 2.0 Device Authorization Grant flow to harvest valid access and refresh tokens without ever touching the victim's credentials, has grown 37.5x in 2026, largely driven by the EvilTokens PhaaS kit, which democratizes the technique for low-skilled actors. Push Security cataloged at least 11 competing kits, including VENOM, DOCUPOLL, and LINKID, all of which used SaaS-themed lures, anti-bot gates, and cloud-hosted infrastructure to evade detection. The proliferation signals a structural shift toward token-based account takeover that bypasses MFA entirely, placing identity detection controls and conditional access policy hardening at the center of the defensive response.
Inconsistent Privacy Labels Don't Tell Users What They Are Getting (4 minute read)
Apple and Google launched app privacy labels in 2020, but a Carnegie Mellon CyLab study found widespread inaccuracies, mostly due to developer misunderstandings. The two platforms define data collection differently: Google counts any data transmitted off-device, whereas Apple counts it only if it is also stored. Labels go unverified, with no tools to help developers get them right. Researchers are calling for standardized definitions, better placement in app store listings, and automated verification tools.
Bucketsquatting is (Finally) Dead (4 minute read)
Bucketsquatting is an issue that has plagued S3 since 2019. It occurs when an attacker registers an S3 bucket name that was previously used by an organization or that follows a predictable naming convention. AWS has now introduced an "account namespace" that lets users bind a bucket name to their account. Administrators can require that buckets be created under this convention by using the s3:x-amz-bucket-namespace condition key in SCPs.