New ThreatWire Video Highlights Critical Cybersecurity Issues

In this new video from ThreatWire, several crucial topics in cybersecurity are addressed. Firstly, NVIDIA has issued a security advisory regarding a high-severity vulnerability affecting various types of DRAM GPUs. Researchers from the University of Toronto recently published a scientific paper demonstrating the use of a Rowhammer attack on GPUs. This attack, discovered in 2014, involves rapidly hammering the physical rows of memory, which can lead to data modifications or corruptions. Although this method was initially mitigated for CPUs, researchers have found that it also works on GPUs, particularly those using GDDR memory, which is essential for machine learning applications.

Rowhammer attacks on GPUs present unique challenges, such as the proprietary mapping of physical memory to GDDR banks and rows, high memory latency, faster refresh rates, and proprietary mitigations that are difficult to reverse without FPGA test platforms. The researchers demonstrated the exploit using an Nvidia A6000 GPU with GDDR6 memory without ECC enabled. When ECC was enabled, the attack did not work. NVIDIA has recommended enabling ECC at the system level to mitigate this attack on affected products.

Another topic covered is the active exploitation of Citrix Bleed 2, a new attack on Citrix products discovered in June 2025. This attack uses an out-of-bounds memory read to bypass authentication, affecting the same products as the original Citrix Bleed attack from 2023. The CVE for this out-of-bounds read, CVE 20255777, was added to the CISA's catalog of known exploited vulnerabilities this week. Citrix initially denied any active exploitation but has since acknowledged that the attack is indeed being exploited in the wild. This acknowledgment came after researchers published two functional versions of the exploit and evidence of exploit attempts as early as June 23, thanks to Grey Noise honeypot telemetry.

The video concludes with an invitation for viewers to share their cybersecurity news sources, emphasizing the importance of staying informed in this ever-evolving field. Ally Diamond, the host, encourages viewers to comment and share their favorite sources to enrich the community.

To learn more, watch the full video: https://www.youtube.com/watch?v=zEN0pGH4gos