Researchers Demonstrate GPU-Based Rowhammer Attack and Phishing Campaign Success

Researchers demonstrated a novel GPU-based Rowhammer attack capable of compromising CPU memory isolation, bypassing existing defenses like Target Row Refresh (TRR) on DDR4/DDR5 systems. The exploit, dubbed "GPU Rowhammer," leverages GPU memory access patterns to induce bit flips in adjacent CPU memory rows, enabling privilege escalation or data corruption. Separately, a phishing campaign using fake device enrollment codes saw a 37x increase in success rates by mimicking legitimate mobile device management (MDM) prompts. Additionally, "bucketsquatting"—a technique exploiting misconfigured cloud storage buckets—was declared ineffective due to improved default security settings in AWS S3 and Google Cloud Storage, reducing accidental public exposures by over 90% since 2023.