Reports
AI-generated structured vendor updates
NVIDIA CUDA Heap Overflow Exposes GPU Cloud Isolation Flaw: Driver-Level Security Must Move to Hardware
At Pwn2Own Berlin 2026, a heap overflow in NVIDIA CUDA Toolkit's NVVM compiler (CVE-2026-12839) enabled GPU cloud cross-tenant escape. The attack chain from malicious PTX to driver compromise to host kernel breaks current driver-level isolation, forcing a fundamental security architecture re-evaluation for shared GPU AI infrastructure.
Trend Micro Report Highlights AI Supply Chain Risks and Model Attack Surfaces
Trend Micro's 'Fault Lines in the AI Ecosystem' report systematically analyzes security risks in the AI supply chain, including training data poisoning, third-party plugin vulnerabilities, and model theft attacks. It indicates that enterprise AI security boundaries have expanded from traditional IT infrastructure to the model layer and data pipelines.
Trend Micro Reveals Novel Docker Desktop WSL2 VM Escape Attack Surface
Trend Micro has discovered novel virtual machine escape techniques in Docker Desktop under WSL2, allowing attackers to leverage exposed internal APIs and configuration mechanisms to break out of the container environment and execute arbitrary code on the host. This exposes serious security boundary risks hidden within development toolchains.