
We care deeply about transforming lives with AMD technology to enrich our industry, our communities, and the world. Our mission is to build great products that accelerate next-generation computing experiences – the building blocks for the data center, artificial intelligence, PCs, gaming and embedded. Underpinning our mission is the AMD culture. We push the limits of innovation to solve the world’s most important challenges. We strive for execution excellence while being direct, humble, collaborative, and inclusive of diverse perspectives. AMD together we advance_

AMD A.I CyberSecurity Scoring

AMD

Company Details

LinkedIn ID: amd

Employees number: 49,754

Number of followers: 1,988,803

NAICS: 3344

Industry Type: Semiconductor Manufacturing

Homepage: amd.com

IP Addresses: 0

Company ID: AMD_1246645

Scan Status: In-progress

AMD Risk Score (AI oriented)

Between 800 and 849

  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score to calculate premiums
AMD Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

AMD Company CyberSecurity News & History

Past Incidents: 2
Attack Types: 2
AMD
Ransomware
Severity: 100
Impact: 5
Seen: 06/2022
Rankiteo Explanation: Attack threatening the organization's existence

Description: RansomHouse gang claimed to have stolen 450 GB of data from the semiconductor giant AMD in a recent cyber attack. The stolen data from the firm includes research and financial information, which they were analyzing to determine its value after adding it to their data leak site. The compromised data includes a leaked CSV containing a list of over 70,000 devices that appear to belong to AMD's internal network, as well as an alleged list of AMD corporate credentials for users with weak passwords.

AMD
Vulnerability
Severity: 85
Impact: 4
Seen: 10/2025
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: AMD disclosed a critical security flaw named **RMPocalypse (CVE-2025-0033)** in its **Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP)** mechanism, affecting multiple **EPYC processor series (7003, 8004, 9004, 9005, and Embedded variants)**. The vulnerability stems from **incomplete protections in the Reverse Map Paging (RMP) table initialization**, allowing attackers with **admin-level hypervisor access** to exploit a **race condition** during AMD Secure Processor (PSP) setup. Exploitation enables **arbitrary memory corruption**, bypassing SEV-SNP’s confidentiality and integrity guarantees. Attackers can **inject malicious code, forge security attestations, replay old states, or activate debug modes**, leading to **full compromise of confidential virtual machines (CVMs)** and **100% success rate in exfiltrating secrets**. While no evidence of active exploitation exists, the flaw undermines **cloud security foundations**, particularly in **Azure Confidential Computing (ACC)** and enterprise environments relying on AMD’s hardware-based isolation. Patches are available for most affected processors, though **Embedded 7003 and 9005 series fixes are delayed until November 2025**. The vulnerability highlights systemic risks in **trusted execution environments (TEEs)**, where **initialization gaps** can nullify all subsequent security assurances.


Underwriter Stats for AMD

Incidents vs Semiconductor Manufacturing Industry Average (This Year)

AMD has 12.36% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

AMD has 29.87% more incidents than the average of all companies with at least one recorded incident.

Incident Types AMD vs Semiconductor Manufacturing Industry Avg (This Year)

AMD reported 1 incident this year: 0 cyber attacks, 0 ransomware, 1 vulnerability, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History — AMD (X = Date, Y = Severity)

AMD cyber incidents detection timeline including parent company and subsidiaries


AMD Similar Companies

Analog Devices

Analog Devices, Inc. (NASDAQ: ADI) is a global semiconductor leader that bridges the physical and digital worlds to enable breakthroughs at the Intelligent Edge. ADI combines analog, digital, and software technologies into solutions that help drive advancements in digitized factories, mobility, and

Texas Instruments

We are a global semiconductor company that designs, manufactures and sells analog and embedded processing chips for markets such as industrial, automotive, personal electronics, enterprise systems and communications equipment. At our core, we have a passion to create a better world by making electro

GlobalFoundries

GlobalFoundries (GF) is one of the world’s leading semiconductor manufacturers. GF is redefining innovation and semiconductor manufacturing by developing and delivering feature-rich process technology solutions that provide leadership performance in pervasive high growth markets. GF offers a unique

Microchip Technology Inc.

Microchip Technology Inc. is a leading semiconductor supplier of smart, connected and secure embedded control solutions. Its easy-to-use development tools and comprehensive product portfolio enable customers to create optimal designs which reduce risk while lowering total system cost and time to mar

Renesas Electronics

Renesas is an embedded semiconductor solution provider driven by its Purpose ‘To Make Our Lives Easier.’ As the industry’s leading expert in embedded processing with unmatched quality and system-level know-how, we have evolved to provide scalable and comprehensive semiconductor solutions for automot

Lam Research

Lam Research Corp. (NASDAQ:LRCX) At Lam Research, we create equipment that drives technological advancements in the semiconductor industry. Our innovative solutions enable chipmakers to power progress in nearly all aspects of modern life, and it takes each member of our team to make it possible. A

Marvell Technology

We believe that infrastructure powers progress. That execution is as essential as innovation. That better collaboration builds better technology. At Marvell, We go all in with you. Focused and determined, we unite behind your goals as our own. We leverage our unrivaled portfolio of infrastructure t

Established in 1987, TSMC is the world's first dedicated semiconductor foundry. As the founder and a leader of the Dedicated IC Foundry segment, TSMC has built its reputation by offering advanced and "More-than-Moore"​ wafer production processes and unparalleled manufacturing efficiency. From its in

ST is a global semiconductor leader delivering intelligent and energy-efficient products and solutions that power the electronics at the heart of everyday life. ST’s products are found everywhere today, and together with our customers, we are enabling smarter driving and smarter factories, cities an


AMD CyberSecurity News

November 04, 2025 08:00 AM
AMD Zen 5 Processors RDSEED Vulnerability Breaks Integrity With Randomness

AMD disclosed a critical vulnerability affecting its Zen 5 processor that compromises a security feature in modern computing.

November 04, 2025 08:00 AM
AMD Confirms RDSEED Security Flaw In Zen 5 CPUs & Details Mitigation Plan

AMD Zen 5 CPUs can't correctly generate random numbers in certain conditions, creating a security flaw.

November 03, 2025 08:00 AM
⚡ Weekly Recap: Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More

Explore major cyber shifts this week—from stealthy nation-state ops to new data exposure risks.

November 03, 2025 08:00 AM
AMD Zen 5 Processors Hit by RDSEED Vulnerability Breaking Randomness Integrity

The flaw represents a high-severity threat, earning a CVSS score of 7.2, and affects the 16-bit and 32-bit implementations of the...

October 29, 2025 07:00 AM
Android malware is human-like, sanctions weaken cyber ecosystems, Intel, AMD secrets extracted

Researchers at Dutch cybersecurity firm ThreatFabric identified an Android banking malware called Herodotus, which evades detection by...

October 29, 2025 07:00 AM
New TEE.fail Attack Breaks Trusted Environments to Exfiltrate Secrets from Intel and AMD DDR5 Environments

Researchers uncover TEE.fail, a DDR5-based attack exposing cryptographic keys from Intel and AMD trusted execution...

October 14, 2025 07:00 AM
RMPocalypse: New Attack Breaks AMD Confidential Computing

Vulnerability in the memory management of AMD processors allows researchers to break confidential computing integrity guarantees.

October 14, 2025 07:00 AM
CISA staff shift, AMD-OpenAI pact, ransomware cartel | Ep. 3

In today's 2-Minute Tech Briefing, Homeland Security's reassignment of CISA staff sparks cybersecurity concerns, AMD partners with OpenAI to...

October 13, 2025 07:00 AM
New RMPocalypse Attack Let Hackers Break AMD SEV-SNP To Exfiltrate Confidential Data

A critical vulnerability in AMD's Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP), a cornerstone of confidential...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

AMD CyberSecurity History Information

Official Website of AMD

The official website of AMD is http://www.amd.com.

AMD’s AI-Generated Cybersecurity Score

According to Rankiteo, AMD’s AI-generated cybersecurity score is 819, reflecting their Good security posture.

How many security badges does AMD have ?

According to Rankiteo, AMD currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does AMD have SOC 2 Type 1 certification ?

According to Rankiteo, AMD is not certified under SOC 2 Type 1.

Does AMD have SOC 2 Type 2 certification ?

According to Rankiteo, AMD does not hold a SOC 2 Type 2 certification.

Does AMD comply with GDPR ?

According to Rankiteo, AMD is not listed as GDPR compliant.

Does AMD have PCI DSS certification ?

According to Rankiteo, AMD does not currently maintain PCI DSS compliance.

Does AMD comply with HIPAA ?

According to Rankiteo, AMD is not compliant with HIPAA regulations.

Does AMD have ISO 27001 certification ?

According to Rankiteo, AMD is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of AMD

AMD operates primarily in the Semiconductor Manufacturing industry.

Number of Employees at AMD

AMD employs approximately 49,754 people worldwide.

Subsidiaries Owned by AMD

AMD presently has no subsidiaries across any sectors.

AMD’s LinkedIn Followers

AMD’s official LinkedIn profile has approximately 1,988,803 followers.

NAICS Classification of AMD

AMD is classified under the NAICS code 3344, which corresponds to Semiconductor and Other Electronic Component Manufacturing.

AMD’s Presence on Crunchbase

No, AMD does not have a profile on Crunchbase.

AMD’s Presence on LinkedIn

Yes, AMD maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/amd.

Cybersecurity Incidents Involving AMD

As of December 11, 2025, Rankiteo reports that AMD has experienced 2 cybersecurity incidents.

Number of Peer and Competitor Companies

AMD has an estimated 1,267 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at AMD ?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability and Ransomware.

How does AMD detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through third-party assistance from ETH Zürich researchers (Benedict Schlüter, Shweta Shinde); containment measures including AMD-released patches, BIOS updates for Supermicro motherboards, and Microsoft remediation for Azure ACC; remediation measures consisting of fixes for EPYC processors (planned for November 2025 for Embedded 7003/9005 series); and a communication strategy comprising an AMD security advisory (released Monday) and public disclosure via the ETH Zürich research paper.

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

Title: RansomHouse Gang Data Breach at AMD

Description: RansomHouse gang claimed to have stolen 450 GB of data from the semiconductor giant AMD in a recent cyber attack. The stolen data includes research and financial information, which they were analyzing to determine its value after adding it to their data leak site. The compromised data includes a leaked CSV containing a list of over 70,000 devices that appear to belong to AMD's internal network, as well as an alleged list of AMD corporate credentials for users with weak passwords.

Type: Data Breach

Threat Actor: RansomHouse gang

Motivation: Financial Gain, Data Theft

Incident : Vulnerability

Title: RMPocalypse Vulnerability in AMD SEV-SNP (CVE-2025-0033)

Description: AMD has released fixes for a security flaw dubbed 'RMPocalypse' (CVE-2025-0033) that undermines the confidentiality and integrity protections of Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). The vulnerability, discovered by ETH Zürich researchers Benedict Schlüter and Shweta Shinde, exploits incomplete protections in AMD's Reverse Map Paging (RMP) table initialization, allowing attackers to perform a single memory write to corrupt the RMP. This can lead to arbitrary tampering with confidential virtual machines (CVMs), exfiltration of secrets, activation of hidden functions (e.g., debug mode), attestation forgeries, replay attacks, and foreign code injection. The flaw stems from a race condition during the AMD Secure Processor (PSP) initialization of the RMP, enabling a malicious hypervisor to manipulate its content. AMD has assigned a CVSS v4 score of 5.9 to the vulnerability.

Type: Vulnerability

Attack Vector: Local (Admin-Privileged Hypervisor), Memory Manipulation

Vulnerability Exploited: CVE-2025-0033 (Race Condition in AMD SEV-SNP RMP Initialization)

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Ransomware.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach AMD138722

Data Compromised: Research information, Financial information, Internal network devices list, Corporate credentials

Incident : Vulnerability AMD1932419101425

Data Compromised: Sensitive information in confidential virtual machines (CVMs), Secrets (100% success rate), Guest memory integrity

Systems Affected:
  • AMD EPYC™ 7003 Series Processors
  • AMD EPYC™ 8004 Series Processors
  • AMD EPYC™ 9004 Series Processors
  • AMD EPYC™ 9005 Series Processors
  • AMD EPYC™ Embedded 7003 Series Processors (Fix planned for November 2025)
  • AMD EPYC™ Embedded 8004 Series Processors
  • AMD EPYC™ Embedded 9004 Series Processors
  • AMD EPYC™ Embedded 9005 Series Processors (Fix planned for November 2025)
  • Azure Confidential Computing (ACC) AMD-based clusters
  • Supermicro motherboards (requiring BIOS updates)

Operational Impact: Loss of SEV-SNP Guest Memory Integrity, Full Breach of Confidentiality, Bypass of Protective Functions in CVMs

Brand Reputation Impact: Potential Erosion of Trust in AMD's Confidential Computing Guarantees

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Research Information, Financial Information, Internal Network Devices List, Corporate Credentials, Guest Memory in CVMs, Secrets, and Security Metadata in RMP Table.

Which entities were affected by each incident ?

Incident : Data Breach AMD138722

Entity Name: AMD

Entity Type: Company

Industry: Semiconductor

Incident : Vulnerability AMD1932419101425

Entity Name: Advanced Micro Devices (AMD)

Entity Type: Corporation

Industry: Semiconductors/Chipmaking

Location: Santa Clara, California, USA

Customers Affected: Cloud Service Providers (e.g., Microsoft Azure), Enterprise Customers Using EPYC Processors, Supermicro Motherboard Users

Incident : Vulnerability AMD1932419101425

Entity Name: Microsoft (Azure Confidential Computing)

Entity Type: Corporation

Industry: Cloud Computing

Location: Redmond, Washington, USA

Customers Affected: Azure Customers Using AMD-based Confidential Computing Clusters

Incident : Vulnerability AMD1932419101425

Entity Name: Supermicro

Entity Type: Corporation

Industry: Hardware/Server Manufacturing

Location: San Jose, California, USA

Customers Affected: Customers Using Affected Motherboard SKUs

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Vulnerability AMD1932419101425

Incident Response Plan Activated: True

Third Party Assistance: ETH Zürich Researchers (Benedict Schlüter, Shweta Shinde)

Containment Measures: AMD-Released Patches, BIOS Updates for Supermicro Motherboards, Microsoft Remediation for Azure ACC

Remediation Measures: Fixes for EPYC Processors (Planned for November 2025 for Embedded 7003/9005 Series)

Communication Strategy: AMD Security Advisory (Released Monday), Public Disclosure via ETH Zürich Research Paper

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through ETH Zürich Researchers (Benedict Schlüter, Shweta Shinde).

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach AMD138722

Type of Data Compromised: Research information, Financial information, Internal network devices list, Corporate credentials

Sensitivity of Data: High

File Types Exposed: CSV

Incident : Vulnerability AMD1932419101425

Type of Data Compromised: Guest memory in CVMs, Secrets, Security metadata in RMP table

Sensitivity of Data: High (Confidential Computing Secrets, VM Memory Contents)

Data Encryption: SEV-SNP (Compromised Due to RMP Corruption)

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Fixes for EPYC Processors (Planned for November 2025 for Embedded 7003/9005 Series).

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through AMD-released patches, BIOS updates for Supermicro motherboards, and Microsoft remediation for Azure ACC.

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : Data Breach AMD138722

Data Exfiltration: True

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Vulnerability AMD1932419101425

Lessons Learned:
  • Incomplete protection mechanisms in hardware security features (e.g., RMP) can create critical attack surfaces.
  • Race conditions during initialization phases of security components (e.g., PSP/RMP) require robust safeguards.
  • Single memory corruption (e.g., 8-byte overwrite in RMP) can fully compromise system-wide integrity and confidentiality.
  • Hypervisor-level attacks can undermine confidential computing guarantees, necessitating defense-in-depth strategies.

What recommendations were made to prevent future incidents ?

Incident : Vulnerability AMD1932419101425

Recommendations:
  • Apply AMD-provided patches and BIOS updates immediately for affected EPYC processors.
  • Cloud providers (e.g., Azure) should prioritize remediation for confidential computing clusters.
  • Implement additional runtime integrity checks for RMP tables to detect tampering.
  • Conduct third-party audits of hardware security mechanisms (e.g., SEV-SNP) to identify design gaps.
  • Monitor for anomalous hypervisor activity that may indicate RMP manipulation attempts.
  • Evaluate compensatory controls (e.g., memory encryption, attestation enhancements) for systems awaiting patches.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are:
  • Incomplete protection mechanisms in hardware security features (e.g., RMP) can create critical attack surfaces.
  • Race conditions during initialization phases of security components (e.g., PSP/RMP) require robust safeguards.
  • Single memory corruption (e.g., 8-byte overwrite in RMP) can fully compromise system-wide integrity and confidentiality.
  • Hypervisor-level attacks can undermine confidential computing guarantees, necessitating defense-in-depth strategies.

References

Where can I find more information about each incident ?

Incident : Vulnerability AMD1932419101425

Source: AMD Security Advisory for CVE-2025-0033

Incident : Vulnerability AMD1932419101425

Source: ETH Zürich Research Paper on RMPocalypse

Incident : Vulnerability AMD1932419101425

Source: Microsoft Azure Advisory on CVE-2025-0033

Incident : Vulnerability AMD1932419101425

Source: Supermicro Security Bulletin

Incident : Vulnerability AMD1932419101425

Source: The Hacker News - 'RMPocalypse: New AMD Flaw Breaks SEV-SNP Confidential Computing Guarantees'

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: AMD Security Advisory for CVE-2025-0033, ETH Zürich Research Paper on RMPocalypse, Microsoft Azure Advisory on CVE-2025-0033, Supermicro Security Bulletin, and The Hacker News - 'RMPocalypse: New AMD Flaw Breaks SEV-SNP Confidential Computing Guarantees'.

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Vulnerability AMD1932419101425

Investigation Status: Ongoing (Patches Released; Embedded Series Fixes Planned for November 2025)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through AMD Security Advisory (Released Monday) and Public Disclosure via ETH Zürich Research Paper.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Vulnerability AMD1932419101425

Stakeholder Advisories: AMD Customers, Cloud Service Providers, Enterprise IT Administrators, Supermicro Motherboard Users.

Customer Advisories: Apply firmware updates for affected EPYC processors. Azure customers: Monitor Microsoft advisories for ACC cluster remediation. Review confidential workloads for potential exposure due to SEV-SNP bypass.

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: AMD Customers, Cloud Service Providers, Enterprise IT Administrators, Supermicro Motherboard Users; Apply firmware updates for affected EPYC processors; Azure customers: Monitor Microsoft advisories for ACC cluster remediation; Review confidential workloads for potential exposure due to SEV-SNP bypass.

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Vulnerability AMD1932419101425

Root Causes:
  • Race condition during AMD Secure Processor (PSP) initialization of the RMP table.
  • Inadequate protection of RMP during VM startup, creating a window for corruption.
  • Single memory write vulnerability in RMP leading to system-wide compromise.
  • Design assumption that RMP would be fully protected during initialization proved flawed.

Corrective Actions:
  • AMD patches to eliminate race condition in RMP initialization.
  • BIOS updates for Supermicro motherboards to enforce RMP integrity.
  • Microsoft remediation for Azure ACC clusters to prevent hypervisor-level exploitation.
  • Planned fixes for Embedded EPYC series (November 2025).

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as ETH Zürich Researchers (Benedict Schlüter, Shweta Shinde).

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: AMD patches to eliminate race condition in RMP initialization; BIOS updates for Supermicro motherboards to enforce RMP integrity; Microsoft remediation for Azure ACC clusters to prevent hypervisor-level exploitation; planned fixes for Embedded EPYC series (November 2025).

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking group in the last incident was the RansomHouse gang.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were Research Information, Financial Information, Internal Network Devices List, Corporate Credentials, Sensitive Information in Confidential Virtual Machines (CVMs), Secrets (100% Success Rate), and Guest Memory Integrity.

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were AMD EPYC™ 7003 Series Processors, AMD EPYC™ 8004 Series Processors, AMD EPYC™ 9004 Series Processors, AMD EPYC™ 9005 Series Processors, AMD EPYC™ Embedded 7003 Series Processors (Fix planned for November 2025), AMD EPYC™ Embedded 8004 Series Processors, AMD EPYC™ Embedded 9004 Series Processors, AMD EPYC™ Embedded 9005 Series Processors (Fix planned for November 2025), Azure Confidential Computing (ACC) AMD-based clusters, and Supermicro motherboards (requiring BIOS updates).

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was ETH Zürich researchers (Benedict Schlüter, Shweta Shinde).

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were AMD-released patches, BIOS updates for Supermicro motherboards, and Microsoft remediation for Azure ACC.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Research Information, Guest Memory Integrity, Sensitive Information in Confidential Virtual Machines (CVMs), Internal Network Devices List, Financial Information, Corporate Credentials and Secrets (100% Success Rate).

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was that hypervisor-level attacks can undermine confidential computing guarantees, necessitating defense-in-depth strategies.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: monitor for anomalous hypervisor activity that may indicate RMP manipulation attempts; evaluate compensatory controls (e.g., memory encryption, attestation enhancements) for systems awaiting patches; apply AMD-provided patches and BIOS updates immediately for affected EPYC processors; implement additional runtime integrity checks for RMP tables to detect tampering; conduct third-party audits of hardware security mechanisms (e.g., SEV-SNP) to identify design gaps; cloud providers (e.g., Azure) should prioritize remediation for confidential computing clusters.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are Supermicro Security Bulletin, AMD Security Advisory for CVE-2025-0033, ETH Zürich Research Paper on RMPocalypse, The Hacker News - 'RMPocalypse: New AMD Flaw Breaks SEV-SNP Confidential Computing Guarantees' and Microsoft Azure Advisory on CVE-2025-0033.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (Patches Released; Embedded Series Fixes Planned for November 2025).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was AMD Customers, Cloud Service Providers, Enterprise IT Administrators, Supermicro Motherboard Users.

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisory issued was: Apply firmware updates for affected EPYC processors. Azure customers: Monitor Microsoft advisories for ACC cluster remediation. Review confidential workloads for potential exposure due to SEV-SNP bypass.


Latest Global CVEs (Not Company-Specific)

Description

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.

Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.

Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description

Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying); however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.

Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.

Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.

Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=amd' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.