Modern Intel processors, including chips from the Raptor Lake and the Alder Lake generations are susceptible to a new type of a high-precision Branch Target Injection (BTI) attack dubbed 'Indirector,' which could be used to steal sensitive information from the CPU.
A new side-channel attack called "GoFetch" impacts Apple M1, M2, and M3 processors and can be used to steal secret cryptographic keys from data in the CPU's cache.
Researchers have demonstrated a new acoustic side-channel attack on keyboards that can deduce user input based on their typing patterns, even in poor conditions, such as environments with noise.
Multiple implementations of the Kyber key encapsulation mechanism for quantum-safe encryption, are vulnerable to a set of flaws collectively referred to as KyberSlash, which could allow the recovery of secret keys.
Academic researchers developed a new side-channel attack called SLAM that exploits hardware features designed to improve security in upcoming CPUs from Intel, AMD, and Arm to obtain the root password hash from the kernel memory.
Researchers from four American universities have developed a new GPU side-channel attack that leverages data compression to leak sensitive visual data from modern graphics cards when visiting web pages.
Researchers have discovered a new and powerful transient execution attack called 'Inception' that can leak privileged secrets and data using unprivileged processes on all AMD Zen CPUs, including the latest models.
A team of researchers from British universities has trained a deep learning model that can steal data from keyboard keystrokes recorded using a microphone with an accuracy of 95%.
A new software-based power side-channel attack called 'Collide+Power' was discovered, impacting almost all CPUs and potentially allowing data to leak. However, the researchers warn that the flaw is low-risk and will likely not be used in attacks on end users.
A new side-channel attack impacting multiple generations of Intel CPUs has been discovered, allowing data to be leaked through the EFLAGS register.
A team of researchers has developed an eavesdropping attack for Android devices that can, to various degrees, recognize the caller's gender and identity, and even discern private speech.
Janet Jackson's Rhythm Nation music video of 1989 has officially been declared a security vulnerability as it freezes some models of hard drives on older computers.
A new side-channel attack known as Hertzbleed allows remote attackers to steal full cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling (DVFS).
IT security researchers from Ruhr-Universität Bochum (RUB) and the Niederrhein University of Applied Sciences have discovered 14 new types of 'XS-Leak' cross-site leak attacks against modern web browsers, including Google Chrome, Microsoft Edge, Safari, and Mozilla Firefox.
Google has published JavaScript proof-of-concept (PoC) code to demonstrate the practicality of using Spectre exploits targeting web browsers to gain access to information from a browser's memory.
Microsoft issued guidance on how to mitigate a DNS cache poisoning vulnerability reported by security researchers from the University of California and Tsinghua University.
Researchers from Tsinghua University and the University of California have identified a new method that can be used to conduct DNS cache poisoning attacks. The findings reopen a vulnerability that had been discovered by Kaminsky in 2008 and thought to have been resolved.
Microsoft has released a new batch of Intel microcode updates for Windows 10 20H2, 2004, 1909, and older versions to fix new hardware vulnerabilities discovered in Intel CPUs.
Researchers discovered two new vulnerabilities known as TPM-FAIL in Intel firmware-based TPM (fTPM) and STMicroelectronics' TPM chips that could be used by hackers to steal their targets' cryptographic keys.
Intel issued two security updates for software and hardware products to patch vulnerabilities that may allow escalation of privilege and information disclosure.