CyberSecurity news
FlagThis
info@thehackernews.com (The@The Hacker News
//
Researchers have revealed a significant security flaw affecting modern Intel CPUs, dubbed Branch Privilege Injection (BPI). This vulnerability allows unauthorized access to sensitive data from memory by misusing the CPU's branch prediction calculations. The flaw, which impacts all Intel processors, could enable attackers to read the contents of the processor's cache and the working memory of other users on the same CPU. This issue is related to Branch Predictor Race Conditions (BPRC), where an unprivileged hacker can exploit the processor's switching between prediction calculations for different users to bypass security barriers. Intel has released microcode patches to mitigate this vulnerability, identified as CVE-2024-45332.
Also discovered were Spectre v2-style attacks, named Training Solo, which exploit vulnerabilities tracked as CVE-2024-28956 and CVE-2025-24495 to leak kernel memory at a rate of up to 17 Kb/s. These hardware exploits can break domain isolation and re-enable traditional user-user, guest-guest, and even guest-host Spectre-v2 attacks. While Intel has provided microcode updates for these issues, AMD has revised its existing guidance on Spectre and Meltdown, highlighting the widespread impact of these CPU flaws on system security.
Pwn2Own Berlin 2025 showcased the discovery of numerous zero-day vulnerabilities, awarding a total of $695,000 for 39 unique exploits. The competition featured successful attacks on critical software platforms, including VMware ESXi, Microsoft SharePoint, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox. A notable exploit was Nguyen Hoang Thach's successful attack against VMware ESXi, earning $150,000 for an integer overflow exploit. Dinh Ho Anh Khoa of Viettel Cyber Security received $100,000 for hacking Microsoft SharePoint through an exploit chain, underscoring the persistent challenges in maintaining robust software security across various platforms.
ImgSrc: blogger.googleu
References :
Also discovered were Spectre v2-style attacks, named Training Solo, which exploit vulnerabilities tracked as CVE-2024-28956 and CVE-2025-24495 to leak kernel memory at a rate of up to 17 Kb/s. These hardware exploits can break domain isolation and re-enable traditional user-user, guest-guest, and even guest-host Spectre-v2 attacks. While Intel has provided microcode updates for these issues, AMD has revised its existing guidance on Spectre and Meltdown, highlighting the widespread impact of these CPU flaws on system security.
Pwn2Own Berlin 2025 showcased the discovery of numerous zero-day vulnerabilities, awarding a total of $695,000 for 39 unique exploits. The competition featured successful attacks on critical software platforms, including VMware ESXi, Microsoft SharePoint, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox. A notable exploit was Nguyen Hoang Thach's successful attack against VMware ESXi, earning $150,000 for an integer overflow exploit. Dinh Ho Anh Khoa of Viettel Cyber Security received $100,000 for hacking Microsoft SharePoint through an exploit chain, underscoring the persistent challenges in maintaining robust software security across various platforms.
ImgSrc: blogger.googleu
Share:
References :
- The Hacker News: Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks
- BleepingComputer: Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own
- Talkback Resources: Pwn2Own Berlin 2025: Windows 11, VMware, Firefox and Others Hacked [exp]