Kinetic Potential Blog

New academic research has identified multiple RowHammer attacks against high-performance graphics processing units (GPUs) that could be exploited to escalate privileges and, in some cases, even take full control of a host.

The efforts have been codenamed GPUBreach, GDDRHammer, and GeForge.

GPUBreach goes a step further than GPUHammer, demonstrating for the first time that RowHammer bit-flips in GPU memory can induce much more than data corruption and enable privilege escalation, and lead to a full system compromise.

"By corrupting GPU page tables via GDDR6 bit-flips, an unprivileged process can gain arbitrary GPU memory read/write, and then chain that into full CPU privilege escalation — spawning a root shell — by exploiting memory-safety bugs in the NVIDIA driver," Gururaj Saileshwar, one of the authors of the study and Assistant Professor at the University of Toronto, said in a post on LinkedIn.

The European Commission (EC) has confirmed that hackers stole over 300GB of data from its AWS environment using an API key compromised in the Trivy supply chain attack.

The incident occurred on March 24 and was initially disclosed on March 27, when the EC warned that cloud infrastructure hosting its resources for the Europa.eu platform had been breached.

Now, CERT-EU reveals that the hack involved an AWS cloud account that is part of the backend for the Europa.eu hosting service, which supports public websites for the EC and other European Union entities.

Hackers gained access to the AWS account using an API key compromised on March 19 in the supply chain attack on Aqua Security’s Trivy vulnerability scanner, carried out by the TeamPCP hacking group.

Apple on Wednesday expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of devices to protect users from the risk posed by a recently disclosed exploit kit known as DarkSword.

"We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates turned on can automatically receive important security protections from web attacks called DarkSword," the company said. "The fixes associated with the DarkSword exploit first shipped in 2025."

The update is available for the following devices -