Model Poisoning against Federated Model Adaptation with Chain of Bit-Flips

Federated Learning FL allows a set of clients to collectively train a global model without sharing local training data. Giving the responsibility of the training to decentralized actors may lead to poisoning attacks: clients controlled by malicious third party potentially poison the training...

ARTA: Adaptive Reinforcement-Learning-Based Throttling Agent for RowHammer Vulnerabilities

RowHammer vulnerability continues to intensify with DRAM scaling, reducing the activation threshold needed to induce bitflips and rendering existing defenses such as TRR, ECC, and refresh-based mechanisms vulnerable to sophisticated multi-bank hammering patterns. This work presents ARTA, a...

ScaleDisturb: Exploiting Temporal Asymmetry to Amplify Read Disturbance in Modern DRAM Chips

DRAM suffers from read disturbance phenomena e.g., RowHammer and RowPress, where repeatedly accessing or continuously keeping open a DRAM row aggressor row induces bitflips in other physically nearby unaccessed rows victim rows. The disturbance mechanism is practically exploitable from the softwa...

HammerSim: A System-Level Tool to Model RowHammer

Modern architecture research relies on simulators to evaluate system security, yet analyzing emerging hardware vulnerabilities like RowHammer requires full-system visibility. As RowHammer vulnerabilities worsen with continuous technology scaling, existing simulators lack the system-level models...

Loaded Dice: Solving the Non-Selection Problem for Scalable Probabilistic RowHammer Defense

DRAM scaling has exacerbated the RowHammer vulnerability. To counter this, JEDEC recently introduced Per Row Activation Counting PRAC with the Alert Back-Off protocol as an optional DDR5 feature. While promising, PRAC requires per-row counter cells that incur area overhead, and updating them on...

Rowhammer Attack Against NVIDIA Chips

A new rowhammer attack gives complete control of NVIDIA CPUs. On Thursday, two research teams, working independently of each other, demonstrated attacks against two cards from Nvidia’s Ampere generation that take GPU rowhammering into new--­and potentially much more consequential--­territory: GDD...

GPUBreach: Privilege Escalation Attacks on GPUs Using Rowhammer

NVIDIA GPUs with GDDR memories have been shown susceptible to Rowhammer-based bit-flips, similar to CPUs. However, Rowhammer exploits on GPUs have been limited to injecting untargeted bit-flips in victim data like weights of machine learning models, to degrade model accuracy, unlike CPU exploits...

RowHammer Vulnerability Counter (RVC): Redefining RowHammer Detection with Victim-Centric Tracking

The Rowhammer vulnerability poses an increasing challenge with newer generations of DRAM and aggressive technology scaling. Existing mitigation techniques, such as Graphene, Twice, and Hydra, primarily rely on tracking activation counts for each row and issuing refreshes when a row reaches a...

PVAC: A RowHammer Mitigation Architecture Exploiting Per-Victim-Row Counting

As DRAM scaling exacerbates RowHammer, DDR5 introduces per-row activation counting PRAC to track aggressor activity. However, PRAC indiscriminately increments counters on every activation -- including benign refreshes -- while relying solely on explicit RFM operations for resets. Consequently,...

New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips

New academic research has identified multiple RowHammer attacks against high-performance graphics processing units GPUs that could be exploited to escalate privileges and, in some cases, even take full control of a host. The efforts have been codenamed GPUBreach , GDDRHammer, and GeForge. GPUBrea...

Towards Remote Attestation of Microarchitectural Attacks: The Case of Rowhammer

Microarchitectural vulnerabilities increasingly undermine the assumption that hardware can be treated as a reliable root of trust. Prevention mechanisms often lag behind evolving attack techniques, leaving deployed systems unable to assume continued trustworthiness. We propose a shift from...

GPUHammer: Rowhammer Attacks on GPU Memories are Practical

Revisions Revision Date| Description ---|--- 2025-12-03| Initial publication...

Advisory ROSA-SA-2025-3079

Software: openssh 8.0p1 OS: ROSA Virtualization 3.0 CVE-ID: CVE-2019-16905 BDU-ID: 2021-03382 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the implementation of the OpenSSH cryptographic security tool is caused by an integer overflow. Exploitation of the vulnerability could allow an attacker to...

SoK: Systematizing a Decade of Architectural RowHammer Defenses through the Lens of Streaming Algorithms

A decade after its academic introduction, RowHammer RH remains a moving target that continues to challenge both the industry and academia. With its potential to serve as a critical attack vector, the ever-decreasing RH threshold now threatens DRAM process technology scaling, with a superlinearly...

Hammering the Diagnosis: Rowhammer-Induced Stealthy Trojan Attacks on ViT-Based Medical Imaging

Vision Transformers ViTs have emerged as powerful architectures in medical image analysis, excelling in tasks such as disease detection, segmentation, and classification. However, their reliance on large, attention-driven models makes them vulnerable to hardware-level attacks. In this paper, we...

$Ρ$Hammer: Reviving RowHammer Attacks on New Architectures Via Prefetching

Rowhammer is a critical vulnerability in dynamic random access memory DRAM that continues to pose a significant threat to various systems. However, we find that conventional load-based attacks are becoming highly ineffective on the most recent architectures such as Intel Alder and Raptor Lake. In...

Exploit for CVE-2025-6202

This article examines the systemic cryptographic security threat...

EUVD-2020-2710

Malware in sbrugna...

EUVD-2021-29099

Malicious code in bioql PyPI...

EUVD-2025-29197

Malicious code in bioql PyPI...