Tag: Hardware

‘Trivial’ exploit can give attackers root access to Linux kernel

May 1, 2026 5:39 AM

Tags: access, ai, attack, business, cloud, container, cve, data, exploit, flaw, github, gitlab, Hardware, incident response, iot, korea, kubernetes, linux, malware, monitoring, remote-code-execution, risk, risk-assessment, saas, sans, software, supply-chain, theft, threat, unauthorized, update, vulnerability

), which lets users easily obtain root access, there isn’t much CSOs can do, says Johannes Ullrich, dean of research at the SANS Institute, as long as they have monitoring for privilege escalation already in place.With root access, a threat actor can do anything to a system, from data theft to data erasure.”The CopyFail vulnerability…
AWS leans on prior ingenuity to face future AI and quantum threats

Apr 29, 2026 11:38 AM

Tags: access, ai, attack, authentication, breach, cloud, communications, computer, computing, control, credentials, crypto, cryptography, cybersecurity, data, defense, encryption, exploit, google, Hardware, identity, infrastructure, Internet, lessons-learned, malicious, penetration-testing, phishing, risk, service, technology, threat, tool, update

Symmetric cryptography and the quantum threat: Back in the early 2010s, most hardware security modules used asymmetric cryptography to protect security keys. Asymmetric cryptography, the kind used to secure online communications, involves pairs of keys, one to lock, another to unlock. It’s a very useful and convenient approach when dealing with multiple parties.Amazon chose to…
AWS leans on prior ingenuity to face future AI and quantum threats

Apr 29, 2026 11:38 AM

Tags: access, ai, attack, authentication, breach, cloud, communications, computer, computing, control, credentials, crypto, cryptography, cybersecurity, data, defense, encryption, exploit, google, Hardware, identity, infrastructure, Internet, lessons-learned, malicious, penetration-testing, phishing, risk, service, technology, threat, tool, update

Symmetric cryptography and the quantum threat: Back in the early 2010s, most hardware security modules used asymmetric cryptography to protect security keys. Asymmetric cryptography, the kind used to secure online communications, involves pairs of keys, one to lock, another to unlock. It’s a very useful and convenient approach when dealing with multiple parties.Amazon chose to…
NCSC launches SilentGlass, a plug-in device to secure HDMI and DisplayPort links

Apr 28, 2026 10:39 AM

Tags: cyber, Hardware, malicious

NCSC’s SilentGlass blocks malicious HDMI/DisplayPort links, protecting monitors from hardware attacks. Now commercialized for global use. The UK’s National Cyber Security Centre (NCSC) has launched SilentGlass, a new device to protect one of the most overlooked parts of modern IT systems: the physical links between screens and computers. It is a small plug-in security device…
NCSC launches SilentGlass, a plug-in device to secure HDMI and DisplayPort links

Apr 28, 2026 10:39 AM

Tags: cyber, Hardware, malicious

NCSC’s SilentGlass blocks malicious HDMI/DisplayPort links, protecting monitors from hardware attacks. Now commercialized for global use. The UK’s National Cyber Security Centre (NCSC) has launched SilentGlass, a new device to protect one of the most overlooked parts of modern IT systems: the physical links between screens and computers. It is a small plug-in security device…
Schwachstelle in Qualcomm-Snapdragon

Apr 23, 2026 4:39 PM

Tags: access, Hardware, iot, kaspersky, vulnerability

Kaspersky ICS CERT hat eine Hardware-Schwachstelle in Qualcomm-Chips entdeckt. Diese sind in einer Vielzahl von Verbraucher- und Industriegeräten weit verbreitet, darunter Smartphones, Tablets, Fahrzeugkomponenten und IoT-Geräte. Die Schwachstelle befindet sich im sogenannten BootROM, einer auf Hardwareebene verankerten Firmware. Angreifer könnten dadurch potenziell Zugriff auf sämtliche auf dem Gerät gespeicherten Daten sowie auf Sensoren wie Kamera…
Thales named a 2026 Google Partner of the Year Infrastructure Modernization: Sovereign Cloud Category

Apr 23, 2026 5:39 AM

Tags: access, ai, application-security, cloud, compliance, container, control, cyber, data, encryption, finance, google, government, group, Hardware, infrastructure, insurance, privacy, service, software, unauthorized

Thales named a 2026 Google Partner of the Year Infrastructure Modernization: Sovereign Cloud Category josh.pearson@t“¦ Wed, 04/22/2026 – 23:56 Thales was recognized with a 2026 Google Cloud Partner of the Year award in the Infrastructure Modernization: Sovereign Cloud category. This award highlights partners who have had a significant impact within the Google Cloud ecosystem, particularly…
Thales named a 2026 Google Partner of the Year Infrastructure Modernization: Sovereign Cloud Category

Apr 23, 2026 5:39 AM

Tags: access, ai, application-security, cloud, compliance, container, control, cyber, data, encryption, finance, google, government, group, Hardware, infrastructure, insurance, privacy, service, software, unauthorized

Thales named a 2026 Google Partner of the Year Infrastructure Modernization: Sovereign Cloud Category josh.pearson@t“¦ Wed, 04/22/2026 – 23:56 Thales was recognized with a 2026 Google Cloud Partner of the Year award in the Infrastructure Modernization: Sovereign Cloud category. This award highlights partners who have had a significant impact within the Google Cloud ecosystem, particularly…
The Time Is Now to Prepare for CRA Enforcement

Apr 22, 2026 4:38 PM

Tags: cyber, cybersecurity, Hardware, international, law, network, resilience, software, supply-chain

<div cla When the EU Cyber Resilience Act (CRA) was introduced into law in 2024, it represented one of the most significant regulatory shifts we’ve seen anywhere in the world with implications for how organizations build, ship, and maintain software. It establishes cybersecurity requirements for hardware and software products sold within the European Union or…
Anthropic bets on EPSS for the coming bug surge

Apr 22, 2026 11:39 AM

Tags: ai, cisco, ciso, cloud, crowdstrike, cve, cvss, cyber, data, exploit, flaw, government, Hardware, healthcare, infrastructure, network, update, vulnerability

Security leaders weigh promise versus reality: Security vendors are increasingly incorporating EPSS scores into their systems.According to Roytman, EPSS has been incorporated into more than 120 security vendors’ products, including CrowdStrike, Cisco, Palo Alto Networks, Qualys, and Tenable platforms.”I do not think other CISOs realize how broadly EPSS has been adopted, but that adoption is…
Top techniques attackers use to infiltrate your systems today

Apr 21, 2026 11:39 AM

Tags: 2fa, access, ai, api, attack, authentication, automation, business, captcha, cloud, container, control, corporate, credentials, cybercrime, cybersecurity, data, deep-fake, defense, detection, email, exploit, flaw, hacking, Hardware, identity, infrastructure, least-privilege, malicious, mfa, microsoft, monitoring, network, password, phishing, powershell, ransomware, risk, saas, scam, service, social-engineering, software, supply-chain, theft, tool, training, vpn, vulnerability, worm

Network security device hacking: Network edge devices have increasingly drawn attackers’ attention over the past two years, establishing a new battleground where the very devices meant to protect the network have become attractive targets for exploitation.As a result, flaws in security device, such as SSL VPN systems and other gateways, are among the top initial…
We beat Google’s zero-knowledge proof of quantum cryptanalysis

Apr 17, 2026 3:39 PM

Tags: ai, application-security, attack, best-practice, computer, computing, control, cryptography, data, exploit, google, group, Hardware, metric, programming, risk, rust, technology, tool, update, vulnerability

Two weeks ago, Google’s Quantum AI group published a zero-knowledge proof of a quantum circuit so optimized, they concluded that first-generation quantum computers will break elliptic curve cryptography keys in as little as 9 minutes. Today, Trail of Bits is publishing our own zero-knowledge proof that significantly improves Google’s on all metrics. Our result is…
Raspberry Pi OS ends open-door policy for sudo

Apr 17, 2026 12:48 AM

Tags: Hardware, password

Command prefix will require password by default First seen on theregister.com Jump to article: www.theregister.com/2026/04/15/raspberry_pi_os_sudo/
Raspberry Pi OS ends open-door policy for sudo

Apr 17, 2026 12:48 AM

Tags: Hardware, password

Command prefix will require password by default First seen on theregister.com Jump to article: www.theregister.com/2026/04/15/raspberry_pi_os_sudo/
Raspberry Pi OS ends open-door policy for sudo

Apr 17, 2026 12:48 AM

Tags: Hardware, password

Command prefix will require password by default First seen on theregister.com Jump to article: www.theregister.com/2026/04/15/raspberry_pi_os_sudo/
Microsoft rolls out fast-track to reinstate Windows hardware dev accounts

Apr 14, 2026 6:52 PM

Tags: access, Hardware, microsoft, windows

Microsoft has rolled out a fast-track process to help developers regain access to accounts recently suspended from its Windows Hardware Program, following widespread complaints that they were locked out without warning. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-fast-track-to-reinstate-windows-hardware-dev-accounts/
In Open-Source Silicon We Trust: ‘Bunnie’ Huang’s Baochip

Apr 14, 2026 12:52 AM

Tags: hacker, Hardware, open-source

Veteran Hardware Hacker’s Chip Facilitates More Trustworthy and Secure Devices. How can we trust hardware to not betray us? Enter the Baochip-1x, a piece of largely open-source silicon created by Andrew Bunnie Huang, which he said is designed to give developers an affordable, security-focused and attestable chip, not least for building high-assurance, embedded devices. First…
CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads

Apr 12, 2026 8:52 AM

Tags: access, breach, Hardware, malicious, monitoring, rat, software, threat, tool

Unknown threat actors compromised CPUID (“cpuid[.]com”), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan called STX RAT.The incident lasted from approximately April 9, 15:00 UTC, to about April 10, 10:00…
Google Chrome Update Disrupts Infostealer Cookie Theft

Apr 11, 2026 2:52 PM

Tags: breach, browser, chrome, credentials, google, Hardware, theft, update

Google adds Device Bound Session Credentials (DBSC) to Chrome 146, using hardware keys to block infostealer use of stolen session cookies on Windows. First seen on hackread.com Jump to article: hackread.com/google-chrome-update-infostealer-cookie-theft/
Why is the timeline to quantum-proof everything constantly shrinking?

Apr 9, 2026 11:52 PM

Tags: china, google, Hardware

Experts say advancements in hardware, mathematics and growing fear of Chinese scientific breakthroughs are pushing Google and others to call for speedier migration. First seen on cyberscoop.com Jump to article: cyberscoop.com/quantum-computing-industry-timeline-threat-accelerating/
Cloudflare ‘actively adjusting’ quantum priorities in wake of Google warning

Apr 9, 2026 9:52 PM

Tags: android, attack, awareness, browser, chrome, ciso, communications, compliance, computer, computing, crypto, cryptography, cybersecurity, data, encryption, google, government, group, Hardware, infrastructure, Internet, ml, mobile, regulation, risk, service, strategy, technology, threat, vulnerability

National Institute of Standards and Technology (NIST) has set a 2030 deadline for depreciating legacy encryption algorithms ahead of their planned retirement in 2035.Late last month Google brought forward its own post-quantum cryptography (PQC) deadline a year to 2029 because advances in quantum computers mean that legacy encryption and digital signature systems are at greater…
Is a $30,000 GPU Good at Password Cracking?

Apr 8, 2026 4:52 PM

Tags: ai, Hardware, password

A $30,000 AI GPU doesn’t outperform consumer GPUs at password cracking. Specops explains why attackers don’t need exotic hardware to break weak passwords. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/is-a-30-000-gpu-good-at-password-cracking/
Forest Blizzard leverages router compromises to launch AiTM attacks, target Outlook sessions

Apr 8, 2026 1:52 PM

Tags: access, attack, backdoor, blizzard, breach, ceo, ciso, cloud, control, corporate, credentials, data, dns, finance, Hardware, login, malicious, malware, mobile, network, office, password, phishing, ransomware, risk, router, theft, threat, vpn, vulnerability

Invisible path to enterprise systems: This attack poses a serious risk to enterprises because, instead of beginning at the corporate perimeter, it starts from employee environments that are often less secure. Threat actors target vulnerable home or small office routers, which often have weak default passwords or unpatched software.The shift to remote work has dramatically…
Masjesu Botnet Targets Routers in Commercial DDoS Attacks

Apr 8, 2026 12:52 PM

Tags: attack, botnet, cyber, data-breach, ddos, hacker, Hardware, infrastructure, iot, jobs, network, router

Hackers are abusing the Masjesu botnet to run high-volume DDoS-for-hire attacks against routers, gateways, and other exposed IoT infrastructure, turning everyday network hardware into commercial attack firepower. Operating quietly since early 2023 and still active in 2026, Masjesu (also known as XorBot) shows how mature, stealth-focused botnets are reshaping the DDoS marketplace. Masjesu is a commercially run…
Blocky DNS-Adblocker mit Visor auf dem Raspberry Pi im Test

Apr 8, 2026 9:51 AM

Tags: dns, Hardware

Blocky DNS-Adblocker mit Visor auf dem Raspberry Pi OS 64-Bit im Test. Warum der DNS-Dienst Technitium DNS, AdGuard Home und Pi-hole schlägt. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/datenschutz/blocky-dns-adblocker-mit-visor-auf-dem-raspberry-pi-im-test-328016.html
What we learned about TEE security from auditing WhatsApp’s Private Inference

Apr 7, 2026 2:50 PM

Tags: access, ai, attack, backdoor, breach, computing, control, data, encryption, exploit, firmware, flaw, Hardware, identity, malicious, nvidia, office, privacy, side-channel, software, threat, update, vulnerability

WhatsApp’s new “Private Inference” feature represents one of the most ambitious attempts to combine end-to-end encryption with AI-powered capabilities, such as message summarization. To make this possible, Meta built a system that processes encrypted user messages inside trusted execution environments (TEEs), secure hardware enclaves designed so that not even Meta can access the plaintext. Our…
GPUBreach Attack Could Lead to Full System Takeover and Root Shell Access

Apr 7, 2026 2:50 PM

Tags: access, attack, cyber, exploit, Hardware, privacy, vulnerability

A newly discovered vulnerability dubbed >>GPUBreach<< demonstrates that GPU-based Rowhammer attacks can now achieve complete system compromise. Scheduled for presentation at the IEEE Symposium on Security & Privacy in 2026, University of Toronto researchers revealed how manipulating GPU memory can lead to a full CPU root shell. Most alarmingly, this exploit successfully bypasses standard hardware…
Authentication is broken: Here’s how security leaders can actually fix it

Apr 6, 2026 12:51 PM

Tags: access, attack, authentication, backup, business, communications, control, credentials, cryptography, data, exploit, fido, firmware, Hardware, healthcare, identity, login, mfa, microsoft, okta, passkey, privacy, resilience, risk, soc, technology, update, windows

Sector snapshots: Where it breaks (and why that matters): Healthcare. Clinicians need tap and go speed with zero tolerance for downtime. One large hospital attempted to pair advanced HID SEOS credentials, which use privacy-preserving randomized IDs, with a clinical SSO platform that expects static IDs for user recognition. This architectural mismatch forced a choice between…
We know what day it is but these Raspberry Pi price hikes are no joke

Apr 3, 2026 1:51 AM

Tags: computer, Hardware, linux

Hot DRAM! Who is going to drop nearly $400 on an underpowered Linux computer? First seen on theregister.com Jump to article: www.theregister.com/2026/04/01/raspberry_pi_price_hikes/
Gigabyte Control Center: Schadcode-Lücke in verbreitetem Hardware-Steuertool

Apr 1, 2026 3:30 PM

Tags: control, exploit, Hardware

Viele Nutzer mit Gigabyte-Hardware verwenden das Gigabyte Control Center. Eine Lücke darin lässt Angreifer unter anderem Schadcode einschleusen. First seen on golem.de Jump to article: www.golem.de/news/gigabyte-control-center-schadcode-luecke-in-verbreitetem-hardware-steuertool-2604-207159.html