Cloud Supply Chain & AWS CodeBuild PrivEsc Exposed; GDDR6 Rowhammer to Root Shell

via Dev.tosoy

Today's Highlights

This week, a critical supply chain attack leveraging Trivy compromised the European Commission's cloud infrastructure, while new research unveiled undocumented AWS CodeBuild endpoints enabling privilege escalation and lateral movement. Additionally, a hardware zero-day dubbed GDDRHammer demonstrated achieving a root shell via Rowhammer on GDDR6 GPUs, complete with available exploit code.

Trivy Supply Chain Attack Compromises European Commission Cloud (r/netsec)

Source: https://reddit.com/r/netsec/comments/1se0u4e/trivy_supply_chain_attack_enabled_european/

This item reports a significant supply chain attack that led to a cloud breach within the European Commission. The attack reportedly leveraged a compromise related to Trivy, a popular open-source vulnerability scanner widely used for container and Kubernetes security. While the specific details of the Trivy-related exploit are not ful
