End-of-Day report
Timeframe: Thursday 02-04-2026 18:00 - Friday 03-04-2026 18:00
Handler: Guenes Holler
Co-Handler: Michael Schlagenhaufer
News
New Rowhammer attacks give complete control of machines running Nvidia GPUs
Over the past decade, dozens of newer Rowhammer attacks have evolved to, among other things [..] On Thursday, two research teams, working independently of each other, demonstrated attacks against two cards from Nvidia's Ampere generation that take GPU rowhammering into new, and potentially much more consequential, territory: GDDR bitflips that give adversaries full control of CPU memory, resulting in full system compromise of the host machine. For the attack to work, IOMMU memory management must be disabled, as is the default in BIOS settings.
https://arstechnica.com/security/2026/04/new-rowhammer-attacks-give-complete-control-of-machines-running-nvidia-gpus/
Picking Up Skull Vibrations? Could Be XR Headset Authentication
The next frontier for biometric authentication may be upon us, and it involves the vibrations of one's skull. Last week, a research team led by Rutgers University introduced a new biometric authentication software compatible with extended reality (XR) headsets - the umbrella term for virtual reality, augmented reality, and mixed reality hardware.
https://www.darkreading.com/remote-workforce/skull-vibrations-could-be-xr-headset-authentication
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale.
https://thehackernews.com/2026/04/hackers-exploit-cve-2025-55182-to.html
They thought they were downloading Claude Code source. They got a nasty dose of malware instead
Source code with a side of Vidar stealer and GhostSocks
Tens of thousands of people eagerly downloaded the leaked Claude Code source code this week, and some of those downloads came with a side of credential-stealing malware.
https://go.theregister.com/feed/www.theregister.com/2026/04/02/trojanized_claude_code_leak_github/
New "Storm" infostealer steals credentials and is offered on the darknet
Security researchers from Varonis Threat Labs came across a new infostealer, "Storm", in early 2026. It is currently being traded among cybercriminals and can remotely collect session data from the currently most popular browsers (Google Chrome, Microsoft Edge and Mozilla Firefox).
https://borncity.com/blog/2026/04/03/neuer-storm-infostealer-klaut-zugangsdaten-und-wird-im-darknet-angeboten/
Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads
A packaging error in Anthropic's Claude Code npm release briefly exposed internal source code. This entry examines how threat actors rapidly weaponized the resulting attention, pivoting an existing AI-themed campaign to spread Vidar and GhostSocks.
https://www.trendmicro.com/en_us/research/26/d/weaponizing-trust-signals-claude-code-lures-and-github-release-payloads.html
Axios Maintainer Confirms Social Engineering Attack Behind npm Compromise
On March 31, two malicious versions of Axios were briefly published to npm, introducing a dependency that installed a remote access trojan across macOS, Windows, and Linux. We covered the initial attack and its scope earlier, as well as a deeper technical analysis of its hidden blast radius and how dependency resolution expanded its impact exponentially. Now, the project's lead maintainer has shared additional details about how the compromise occurred.
https://socket.dev/blog/axios-maintainer-confirms-social-engineering-behind-npm-compromise
Vulnerabilities
LWN: Security updates for Friday
https://lwn.net/Articles/1066236/