Daniel Weber
@d-we.bsky.social
Microarchitectural Security | PhD Student @ #CISPA
https://d-we.me
https://d-we.me
Reposted by Daniel Weber
For more details on the discovery process and our findings, we refer to our research paper, which is published at USENIX Security 2026.
paper: stackwarpattack.com
github: github.com/cispa/StackW...
\cc Tristan Hornetz, @d-we.bsky.social, Fabian Thomas, @misc0110.bsky.social
paper: stackwarpattack.com
github: github.com/cispa/StackW...
\cc Tristan Hornetz, @d-we.bsky.social, Fabian Thomas, @misc0110.bsky.social
StackWarp
stackwarpattack.com
January 15, 2026 at 6:29 PM
For more details on the discovery process and our findings, we refer to our research paper, which is published at USENIX Security 2026.
paper: stackwarpattack.com
github: github.com/cispa/StackW...
\cc Tristan Hornetz, @d-we.bsky.social, Fabian Thomas, @misc0110.bsky.social
paper: stackwarpattack.com
github: github.com/cispa/StackW...
\cc Tristan Hornetz, @d-we.bsky.social, Fabian Thomas, @misc0110.bsky.social
Reposted by Daniel Weber
Today we reveal StackWarp: a new CPU vulnerability exploiting a synchronization bug in AMD’s stack engine across Zen 1–5 CPUs. It enables deterministic manipulation of Confidential VM's stack pointer, allowing RCE and privilege escalation via both control- and data-flow hijacking.
January 15, 2026 at 6:27 PM
Today we reveal StackWarp: a new CPU vulnerability exploiting a synchronization bug in AMD’s stack engine across Zen 1–5 CPUs. It enables deterministic manipulation of Confidential VM's stack pointer, allowing RCE and privilege escalation via both control- and data-flow hijacking.
@ltrampert.bsky.social and I just gave a talk at Black Hat Asia showing how CSS can be abused to deanonymize you when opening an email!
cc: @blackhatevents.bsky.social #BHASIA25
cc: @blackhatevents.bsky.social #BHASIA25
April 3, 2025 at 2:50 PM
@ltrampert.bsky.social and I just gave a talk at Black Hat Asia showing how CSS can be abused to deanonymize you when opening an email!
cc: @blackhatevents.bsky.social #BHASIA25
cc: @blackhatevents.bsky.social #BHASIA25
Heading to Black Hat Asia now! @ltrampert.bsky.social and I will give a briefing about deanonymizing users not only on the web but also in their email clients! #bhasia
March 30, 2025 at 6:33 PM
Heading to Black Hat Asia now! @ltrampert.bsky.social and I will give a briefing about deanonymizing users not only on the web but also in their email clients! #bhasia
Reposted by Daniel Weber
