#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Spectre | Breaking Cybersecurity News | The Hacker News

Category — Spectre
Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks

Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks

May 16, 2025 Hardware Security / Vulnerability
Researchers at ETH Zürich have discovered yet another security flaw that they say impacts all modern Intel CPUs and causes them to leak sensitive data from memory, showing that the vulnerability known as Spectre continues to haunt computer systems after more than seven years. The vulnerability, referred to as Branch Privilege Injection (BPI), "can be exploited to misuse the prediction calculations of the CPU (central processing unit) in order to gain unauthorized access to information from other processor users," ETH Zurich said . Kaveh Razavi, head of the Computer Security Group (COMSEC) and one of the authors of the study, said the shortcoming affects all Intel processors, potentially enabling bad actors to read the contents of the processor's cache and the working memory of another user of the same CPU. The attack leverages what's called Branch Predictor Race Conditions ( BPRC ) that emerge when a processor switches between prediction calculations for two use...
Researchers Uncover First Native Spectre v2 Exploit Against Linux Kernel

Researchers Uncover First Native Spectre v2 Exploit Against Linux Kernel

Apr 10, 2024 Hardware Security / Linux
Cybersecurity researchers have disclosed what they say is the "first native Spectre v2 exploit" against the Linux kernel on Intel systems that could be exploited to read sensitive data from the memory. The exploit, called Native Branch History Injection (BHI), can be used to leak arbitrary kernel memory at 3.5 kB/sec by bypassing existing Spectre v2/BHI mitigations, researchers from Systems and Network Security Group (VUSec) at Vrije Universiteit Amsterdam  said  in a new study. The shortcoming is being tracked as  CVE-2024-2201 . BHI was  first disclosed  by VUSec in March 2022, describing it as a technique that can get around Spectre v2 protections in modern processors from Intel, AMD, and Arm. While the attack leveraged extended Berkeley Packet Filters (eBPFs), Intel's recommendations to address the problem, among other things, were to disable Linux's unprivileged eBPFs. "Privileged managed runtimes that can be configured to allow an unprivileged user ...
GhostRace – New Data Leak Vulnerability Affects Modern CPUs

GhostRace – New Data Leak Vulnerability Affects Modern CPUs

Mar 15, 2024 Hardware Security / Data Protection
A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution. Dubbed  GhostRace  ( CVE-2024-2193 ), it is a variation of the transient execution CPU vulnerability known as Spectre v1 (CVE-2017-5753). The approach combines speculative execution and race conditions. "All the common synchronization primitives implemented using conditional branches can be microarchitecturally bypassed on speculative paths using a branch misprediction attack, turning all architecturally race-free critical regions into Speculative Race Conditions (SRCs), allowing attackers to leak information from the target," the researchers  said . The findings from the Systems Security Research Group at IBM Research Europe and VUSec, the latter of which disclosed another side-channel attack called  SLAM  targeting modern processors in December 2023. Spectre refers to a  class of side-channel attacks  that exploit...
cyber security

New Webinar: Defend Against Scattered Spider's Latest TTPs for 2025

websitePush SecurityThreat Intelligence / Cyber Attack
Learn about Scattered Spider's latest identity attack techniques and how to defend your organization.
cyber security

Get Proactive About Protecting Your Digital Identity 

websiteVeeam SoftwareData Security / Microsoft Entra ID
Security threats are just one reason you need to protect Microsoft Entra ID data. Learn all 6 reasons today.
iLeakage: New Safari Exploit Impacts Apple iPhones and Macs with A- and M-Series CPUs

iLeakage: New Safari Exploit Impacts Apple iPhones and Macs with A- and M-Series CPUs

Oct 26, 2023 Data Security / Vulnerability
A group of academics has devised a novel side-channel attack dubbed  iLeakage  that exploits a weakness in the A- and M-series CPUs running on Apple iOS, iPadOS, and macOS devices, enabling the extraction of sensitive information from the Safari web browser. "An attacker can induce Safari to render an arbitrary webpage, subsequently recovering sensitive information present within it using speculative execution," researchers Jason Kim, Stephan van Schaik, Daniel Genkin, and Yuval Yarom  said  in a new study. In a practical attack scenario, the weakness could be exploited using a malicious web page to recover Gmail inbox content and even recover passwords that are autofilled by credential managers. iLeakage, besides being the first case of a  Spectre-style   speculative execution   attack  against Apple Silicon CPUs, also works against all third-party web browsers available for iOS and iPadOS owing to Apple's App Store policy that mandates all b...
New Bugs Could Let Hackers Bypass Spectre Attack Mitigations On Linux Systems

New Bugs Could Let Hackers Bypass Spectre Attack Mitigations On Linux Systems

Mar 29, 2021
Cybersecurity researchers on Monday disclosed two new vulnerabilities in Linux-based operating systems that, if successfully exploited, could let attackers circumvent mitigations for speculative attacks such as  Spectre  and obtain sensitive information from kernel memory. Discovered by  Piotr Krysiuk  of Symantec's Threat Hunter team, the flaws — tracked as CVE-2020-27170 and CVE-2020-27171 (CVSS scores: 5.5) — impact all Linux kernels prior to 5.11.8. Patches for the security issues were released on March 20, with Ubuntu, Debian, and Red Hat deploying fixes for the vulnerabilities in their respective Linux distributions. While  CVE-2020-27170  can be abused to reveal content from any location within the kernel memory,  CVE-2020-27171 can be used to retrieve data from a 4GB range of kernel memory. First documented in January 2018,  Spectre and Meltdown  take advantage of flaws in modern processors to  leak data  that are curr...
Expert Insights Articles Videos
Cybersecurity Resources