Cloudy with a Chance of Hacks: Researchers Unveil How to Leak Data from Public Clouds

Academic researchers have proven that the L1TF vulnerability, thought to be a relic of the past, is back for an encore performance in public clouds. By combining it with half-Spectre, they’ve managed to leak sensitive data faster than a cat meme can go viral. Google Cloud even rewarded them with a hefty $151,515!

3P
Published: September 22, 2025 12:51 pmAdded: September 22, 2025 at 6:03 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Who knew CPUs could be such gossip queens? Looks like they’ve spilled the beans on virtual machines in the public cloud, and now everyone wants a piece of the juicy intel (pun intended). Move over, social media influencers—there’s a new leak in town, and it’s coming straight from inside the cloud!

Key Points:

  • Researchers combined L1TF and half-Spectre vulnerabilities to leak data from public cloud environments.
  • The attack, dubbed “L1TF Reloaded,” bypasses standard software mitigations.
  • Execution was successful on Google Cloud, leaking sensitive information like TLS keys.
  • The technique exploits the CPU’s transient execution to access unauthorized data.
  • Google rewarded the researchers for their discovery, emphasizing the importance of cloud security defenses.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?