We care deeply about transforming lives with AMD technology to enrich our industry, our communities, and the world. Our mission is to build great products that accelerate next-generation computing experiences – the building blocks for the data center, artificial intelligence, PCs, gaming and embedded. Underpinning our mission is the AMD culture. We push the limits of innovation to solve the world’s most important challenges. We strive for execution excellence while being direct, humble, collaborative, and inclusive of diverse perspectives. AMD together we advance_

AMD A.I CyberSecurity Scoring

AMD

Company Details

LinkedIn ID: amd

Employees number: 49,754

Number of followers: 1,988,803

NAICS: 3344

Industry Type: Semiconductor Manufacturing

Homepage: amd.com

IP Addresses: 0

Company ID: AMD_1246645

Scan Status: In-progress

AMD Risk Score (AI oriented)

Between 800 and 849

  • Powered by our proprietary A.I cyber incident model
  • Insurance prefers TPRM score to calculate premium
AMD Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

AMD Company CyberSecurity News & History

Past Incidents: 5
Attack Types: 2

AMD
Ransomware
Severity: 100
Impact: 5
Seen: 06/2022
Rankiteo Explanation: Attack threatening the organization's existence

Description: RansomHouse gang claimed to have stolen 450 GB of data from the semiconductor giant AMD in a recent cyber attack. The stolen data from the firm includes research and financial information, which they were analyzing to determine its value after adding it to their data leak site. The compromised data includes a leaked CSV containing a list of over 70,000 devices that appear to belong to AMD's internal network, as well as an alleged list of AMD corporate credentials for users with weak passwords.

AMD
Vulnerability
Severity: 60
Impact: 3
Seen: 6/2024
Rankiteo Explanation: Attack with significant impact with internal employee data leaks

Description: AMD disclosed a security vulnerability, designated as CVE-2024-36347 with a CVSS score of 6.4, affecting a broad range of processors. This flaw, discovered by Google researchers, lies in the improper signature verification of AMD’s CPU ROM microcode patch loader, allowing attackers with administrative privileges to load unauthorized microcode patches. The vulnerability has serious implications for system integrity and confidentiality, potentially resulting in compromised execution, data breaches, and System Management Mode (SMM) environment threats. While no real-world attacks have been reported, the theoretical impact could be severe, necessitating timely firmware updates to mitigate risks.

AMD
Vulnerability
Severity: 85
Impact: 4
Seen: 10/2025
Rankiteo Explanation: Attack with significant impact with customers data leaks

Description: AMD disclosed a critical security flaw named RMPocalypse (CVE-2025-0033) in its Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP) mechanism, affecting multiple EPYC processor series (7003, 8004, 9004, 9005, and Embedded variants). The vulnerability stems from incomplete protections in the Reverse Map Paging (RMP) table initialization, allowing attackers with admin-level hypervisor access to exploit a race condition during AMD Secure Processor (PSP) setup. Exploitation enables arbitrary memory corruption, bypassing SEV-SNP’s confidentiality and integrity guarantees. Attackers can inject malicious code, forge security attestations, replay old states, or activate debug modes, leading to full compromise of confidential virtual machines (CVMs) and 100% success rate in exfiltrating secrets. While no evidence of active exploitation exists, the flaw undermines cloud security foundations, particularly in Azure Confidential Computing (ACC) and enterprise environments relying on AMD’s hardware-based isolation. Patches are available for most affected processors, though Embedded 7003 and 9005 series fixes are delayed until November 2025. The vulnerability highlights systemic risks in trusted execution environments (TEEs), where initialization gaps can nullify all subsequent security assurances.

AMD
Vulnerability
Severity: 100
Impact: 5
Seen: 3/2025
Rankiteo Explanation: Attack threatening the organization’s existence

Description: Researchers discovered a critical vulnerability in AMD's Zen CPUs, termed 'EntrySign,' which allows attackers with high privileges to install malicious microcode by exploiting a flaw in the AES-CMAC algorithm used in validation processes. This vulnerability affects AMD Zen architecture CPUs from versions 1 to 4, enabling attackers to bypass cryptographic checks and potentially gain persistent access to manipulate the processors' instruction set. The impact of such an attack could be especially severe if the compromised CPUs are used in cloud services and AI infrastructures, posing risks to data integrity, system reliability, and the security posture of affected entities.

AMD
Vulnerability
Severity: 100
Impact: 5
Seen: 6/2006
Rankiteo Explanation: Attack threatening the organization’s existence

Description: The disclosure of the Sinkclose vulnerability, affecting AMD processors since 2006, showcases a significant security oversight allowing hackers to gain access to the privileged System Management Mode. By implanting a bootkit, attackers gain persistent, undetectable control over a system, monitoring activity and surviving system reinstalls. The flaw exposes countless systems to a level of compromise where the only solution may be the physical disposal of the infected machine. This vulnerability not only undermines the trust in device security but also signifies immense potential losses in data integrity and financial repercussions for both AMD and affected users.

Underwriter Stats for AMD

Incidents vs Semiconductor Manufacturing Industry Average (This Year)

AMD has 185.71% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

AMD has 156.41% more incidents than the average of all companies with at least one recorded incident.

Incident Types AMD vs Semiconductor Manufacturing Industry Avg (This Year)

AMD reported 2 incidents this year: 0 cyber attacks, 0 ransomware, 2 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History — AMD (X = Date, Y = Severity)

AMD cyber incidents detection timeline including parent company and subsidiaries

AMD Similar Companies

Micron Technology

Micron is an industry leader in innovative memory and storage solutions transforming how the world uses information to enrich life for all. With a relentless focus on our customers, technology leadership, and manufacturing and operational excellence, Micron delivers a rich portfolio of high-performa

Texas Instruments

We are a global semiconductor company that designs, manufactures and sells analog and embedded processing chips for markets such as industrial, automotive, personal electronics, enterprise systems and communications equipment. At our core, we have a passion to create a better world by making electro

NXP Semiconductors

We anticipate tomorrow’s needs—navigating a changing world by bringing together technology's brightest minds to build game-changing solutions that propel us forward. NXP Semiconductors N.V. (NASDAQ: NXPI) is the trusted partner for innovative solutions in the automotive, industrial & IoT, mobile, an

GlobalFoundries

GlobalFoundries (GF) is one of the world’s leading semiconductor manufacturers. GF is redefining innovation and semiconductor manufacturing by developing and delivering feature-rich process technology solutions that provide leadership performance in pervasive high growth markets. GF offers a unique

onsemi

onsemi (Nasdaq: ON) is driving disruptive innovations to help build a better future. With a focus on automotive and industrial end-markets, the company is accelerating change in megatrends such as vehicle electrification and safety, sustainable energy grids, industrial automation, and 5G and cloud i

Established in 1987, TSMC is the world's first dedicated semiconductor foundry. As the founder and a leader of the Dedicated IC Foundry segment, TSMC has built its reputation by offering advanced and "More-than-Moore"​ wafer production processes and unparalleled manufacturing efficiency. From its in

Who are we? ASML is an innovation leader in the global semiconductor industry. We make machines that chipmakers use to mass produce microchips. Founded in 1984 in the Netherlands with just a handful of employees, we’ve now grown to over 40,000 employees, 143 nationalities and more than 60 locations

KLA develops industry-leading equipment and services that enable innovation throughout the electronics industry. We provide advanced process control and process-enabling solutions for manufacturing wafers and reticles, integrated circuits, packaging and printed circuit boards. In close collaboration

Marvell Technology

We believe that infrastructure powers progress. That execution is as essential as innovation. That better collaboration builds better technology. At Marvell, We go all in with you. Focused and determined, we unite behind your goals as our own. We leverage our unrivaled portfolio of infrastructure t

AMD CyberSecurity News

December 03, 2025 08:00 AM
HPE Backs AMD’s Big AI Swing: Open Platform Experience

HPE backs AMD's Helios rack-scale AI platform, pushing open Ethernet designs that challenge proprietary GPU systems and reshape next-gen AI...

November 26, 2025 08:00 AM
Chip Stocks in Spotlight After BofA Calls Nvidia, AMD, Broadcom Top AI Plays

BofA's analysts pointed to sustained demand for AI chips, cloud infrastructure and cybersecurity tools, saying the group should see...

November 25, 2025 08:00 AM
AMD, Cisco and HUMAIN Announce JV to Build 1 GW of AI Infrastructure in Saudi Arabia

The new venture plans a 100 MW Phase 1 deployment in 2026, marking one of the Kingdom's largest AI infrastructure commitments to date.. AMD...

November 12, 2025 08:00 AM
AMD’s MK1 Buy Signals a Push Into AI Reasoning

AMD acquires AI startup MK1, founded by ex-Neuralink engineers, to boost inference and reasoning performance on Instinct GPUs and strengthen...

November 04, 2025 08:00 AM
AMD Zen 5 Processors RDSEED Vulnerability Breaks Integrity With Randomness

AMD disclosed a critical vulnerability affecting its Zen 5 processor that compromises a security feature in modern computing.

November 03, 2025 08:00 AM
⚡ Weekly Recap: Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More

Explore major cyber shifts this week—from stealthy nation-state ops to new data exposure risks.

November 03, 2025 08:00 AM
AMD Zen 5 Processors Hit by RDSEED Vulnerability Breaking Randomness Integrity

The flaw represents a high-severity threat, earning a CVSS score of 7.2, and affects the 16-bit and 32-bit implementations of the...

October 31, 2025 07:00 AM
Cisco, G42 Expand UAE AI Infrastructure Partnership with AMD MI350X Deployment

The move includes deploying large-scale AI compute powered by AMD's new MI350X GPUs and Cisco's full-stack data-centre architecture...

October 29, 2025 07:00 AM
Android malware is human-like, sanctions weaken cyber ecosystems, Intel, AMD secrets extracted

Researchers at Dutch cybersecurity firm ThreatFabric identified an Android banking malware called Herodotus, which evades detection by...

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

AMD CyberSecurity History Information

Official Website of AMD

The official website of AMD is http://www.amd.com.

AMD’s AI-Generated Cybersecurity Score

According to Rankiteo, AMD’s AI-generated cybersecurity score is 815, reflecting their Good security posture.

How many security badges does AMD have ?

According to Rankiteo, AMD currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does AMD have SOC 2 Type 1 certification ?

According to Rankiteo, AMD is not certified under SOC 2 Type 1.

Does AMD have SOC 2 Type 2 certification ?

According to Rankiteo, AMD does not hold a SOC 2 Type 2 certification.

Does AMD comply with GDPR ?

According to Rankiteo, AMD is not listed as GDPR compliant.

Does AMD have PCI DSS certification ?

According to Rankiteo, AMD does not currently maintain PCI DSS compliance.

Does AMD comply with HIPAA ?

According to Rankiteo, AMD is not compliant with HIPAA regulations.

Does AMD have ISO 27001 certification ?

According to Rankiteo, AMD is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of AMD

AMD operates primarily in the Semiconductor Manufacturing industry.

Number of Employees at AMD

AMD employs approximately 49,754 people worldwide.

Subsidiaries Owned by AMD

AMD presently has no subsidiaries across any sectors.

AMD’s LinkedIn Followers

AMD’s official LinkedIn profile has approximately 1,988,803 followers.

NAICS Classification of AMD

AMD is classified under the NAICS code 3344, which corresponds to Semiconductor and Other Electronic Component Manufacturing.

AMD’s Presence on Crunchbase

No, AMD does not have a profile on Crunchbase.

AMD’s Presence on LinkedIn

Yes, AMD maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/amd.

Cybersecurity Incidents Involving AMD

As of December 25, 2025, Rankiteo reports that AMD has experienced 5 cybersecurity incidents.

Number of Peer and Competitor Companies

AMD has an estimated 1,272 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at AMD ?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability and Ransomware.

How does AMD detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through recovery measures (physical disposal of infected machines), remediation measures (firmware updates; fixes for EPYC processors, planned for November 2025 for Embedded 7003/9005 series), third-party assistance (ETH Zürich researchers Benedict Schlüter and Shweta Shinde), containment measures (AMD-released patches, BIOS updates for Supermicro motherboards, Microsoft remediation for Azure ACC), and a communication strategy (AMD security advisory, released Monday; public disclosure via ETH Zürich research paper).

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

Title: RansomHouse Gang Data Breach at AMD

Description: RansomHouse gang claimed to have stolen 450 GB of data from the semiconductor giant AMD in a recent cyber attack. The stolen data includes research and financial information, which they were analyzing to determine its value after adding it to their data leak site. The compromised data includes a leaked CSV containing a list of over 70,000 devices that appear to belong to AMD's internal network, as well as an alleged list of AMD corporate credentials for users with weak passwords.

Type: Data Breach

Threat Actor: RansomHouse gang

Motivation: Financial Gain, Data Theft

Incident : Vulnerability Exploitation

Title: Sinkclose Vulnerability Affecting AMD Processors

Description: The Sinkclose vulnerability affects AMD processors since 2006, allowing hackers to gain access to the privileged System Management Mode by implanting a bootkit. This results in persistent, undetectable control over a system, monitoring activity and surviving system reinstalls. The flaw exposes countless systems to a level of compromise where the only solution may be the physical disposal of the infected machine. This vulnerability undermines trust in device security and signifies immense potential losses in data integrity and financial repercussions for both AMD and affected users.

Type: Vulnerability Exploitation

Attack Vector: Bootkit

Vulnerability Exploited: Sinkclose vulnerability

Motivation: Persistent, undetectable control over systems

Incident : Vulnerability Exploitation

Title: EntrySign Vulnerability in AMD Zen CPUs

Description: Researchers discovered a critical vulnerability in AMD's Zen CPUs, termed 'EntrySign,' which allows attackers with high privileges to install malicious microcode by exploiting a flaw in the AES-CMAC algorithm used in validation processes. This vulnerability affects AMD Zen architecture CPUs from versions 1 to 4, enabling attackers to bypass cryptographic checks and potentially gain persistent access to manipulate the processors' instruction set. The impact of such an attack could be especially severe if the compromised CPUs are used in cloud services and AI infrastructures, posing risks to data integrity, system reliability, and the security posture of affected entities.

Type: Vulnerability Exploitation

Attack Vector: High Privilege Attack

Vulnerability Exploited: AES-CMAC algorithm flaw

Incident : Vulnerability

Title: AMD CPU ROM Microcode Patch Loader Vulnerability

Description: A security vulnerability, designated as CVE-2024-36347 with a CVSS score of 6.4, affecting a broad range of processors. This flaw, discovered by Google researchers, lies in the improper signature verification of AMD’s CPU ROM microcode patch loader, allowing attackers with administrative privileges to load unauthorized microcode patches. The vulnerability has serious implications for system integrity and confidentiality, potentially resulting in compromised execution, data breaches, and System Management Mode (SMM) environment threats. While no real-world attacks have been reported, the theoretical impact could be severe, necessitating timely firmware updates to mitigate risks.

Type: Vulnerability

Attack Vector: Improper signature verification in CPU ROM microcode patch loader

Vulnerability Exploited: CVE-2024-36347

Incident : Vulnerability

Title: RMPocalypse Vulnerability in AMD SEV-SNP (CVE-2025-0033)

Description: AMD has released fixes for a security flaw dubbed 'RMPocalypse' (CVE-2025-0033) that undermines the confidentiality and integrity protections of Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). The vulnerability, discovered by ETH Zürich researchers Benedict Schlüter and Shweta Shinde, exploits incomplete protections in AMD's Reverse Map Paging (RMP) table initialization, allowing attackers to perform a single memory write to corrupt the RMP. This can lead to arbitrary tampering with confidential virtual machines (CVMs), exfiltration of secrets, activation of hidden functions (e.g., debug mode), attestation forgeries, replay attacks, and foreign code injection. The flaw stems from a race condition during the AMD Secure Processor (PSP) initialization of the RMP, enabling a malicious hypervisor to manipulate its content. AMD has assigned a CVSS v4 score of 5.9 to the vulnerability.

Type: Vulnerability

Attack Vector: Local (Admin-Privileged Hypervisor), Memory Manipulation

Vulnerability Exploited: CVE-2025-0033 (Race Condition in AMD SEV-SNP RMP Initialization)

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Vulnerability.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach AMD138722

Data Compromised: Research information, Financial information, Internal network devices list, Corporate credentials

Incident : Vulnerability Exploitation AMD000081024

Systems Affected: AMD processors since 2006

Brand Reputation Impact: Undermines trust in device security

Incident : Vulnerability Exploitation AMD658030725

Systems Affected: AMD Zen architecture CPUs from versions 1 to 4

Operational Impact: Data integrity, System reliability, Security posture

Incident : Vulnerability AMD1932419101425

Data Compromised: Sensitive information in confidential virtual machines (CVMs), Secrets (100% success rate), Guest memory integrity

Systems Affected: AMD EPYC™ 7003 Series Processors, AMD EPYC™ 8004 Series Processors, AMD EPYC™ 9004 Series Processors, AMD EPYC™ 9005 Series Processors, AMD EPYC™ Embedded 7003 Series Processors (Fix planned for November 2025), AMD EPYC™ Embedded 8004 Series Processors, AMD EPYC™ Embedded 9004 Series Processors, AMD EPYC™ Embedded 9005 Series Processors (Fix planned for November 2025), Azure Confidential Computing (ACC) AMD-based clusters, Supermicro motherboards (requiring BIOS updates)

Operational Impact: Loss of SEV-SNP Guest Memory Integrity, Full Breach of Confidentiality, Bypass of Protective Functions in CVMs

Brand Reputation Impact: Potential Erosion of Trust in AMD's Confidential Computing Guarantees

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Research Information, Financial Information, Internal Network Devices List, Corporate Credentials, Guest Memory in CVMs, Secrets, and Security Metadata in RMP Table.

Which entities were affected by each incident ?

Incident : Data Breach AMD138722

Entity Name: AMD

Entity Type: Company

Industry: Semiconductor

Incident : Vulnerability Exploitation AMD000081024

Entity Name: AMD

Entity Type: Organization

Industry: Technology

Incident : Vulnerability Exploitation AMD658030725

Entity Name: AMD

Entity Type: Company

Industry: Technology

Incident : Vulnerability AMD916041125

Entity Name: AMD

Entity Type: Corporation

Industry: Technology

Incident : Vulnerability AMD1932419101425

Entity Name: Advanced Micro Devices (AMD)

Entity Type: Corporation

Industry: Semiconductors/Chipmaking

Location: Santa Clara, California, USA

Customers Affected: Cloud Service Providers (e.g., Microsoft Azure), Enterprise Customers Using EPYC Processors, Supermicro Motherboard Users

Incident : Vulnerability AMD1932419101425

Entity Name: Microsoft (Azure Confidential Computing)

Entity Type: Corporation

Industry: Cloud Computing

Location: Redmond, Washington, USA

Customers Affected: Azure Customers Using AMD-based Confidential Computing Clusters

Incident : Vulnerability AMD1932419101425

Entity Name: Supermicro

Entity Type: Corporation

Industry: Hardware/Server Manufacturing

Location: San Jose, California, USA

Customers Affected: Customers Using Affected Motherboard SKUs

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Vulnerability Exploitation AMD000081024

Recovery Measures: Physical disposal of infected machines

Incident : Vulnerability AMD916041125

Remediation Measures: Firmware updates

Incident : Vulnerability AMD1932419101425

Incident Response Plan Activated: True

Third Party Assistance: ETH Zürich Researchers (Benedict Schlüter, Shweta Shinde)

Containment Measures: AMD-Released Patches, BIOS Updates for Supermicro Motherboards, Microsoft Remediation for Azure ACC

Remediation Measures: Fixes for EPYC Processors (Planned for November 2025 for Embedded 7003/9005 Series)

Communication Strategy: AMD Security Advisory (Released Monday), Public Disclosure via ETH Zürich Research Paper

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through ETH Zürich Researchers (Benedict Schlüter, Shweta Shinde).

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach AMD138722

Type of Data Compromised: Research information, Financial information, Internal network devices list, Corporate credentials

Sensitivity of Data: High

File Types Exposed: CSV

Incident : Vulnerability AMD1932419101425

Type of Data Compromised: Guest memory in CVMs, Secrets, Security metadata in RMP table

Sensitivity of Data: High (Confidential Computing Secrets, VM Memory Contents)

Data Encryption: SEV-SNP (Compromised Due to RMP Corruption)

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: firmware updates and fixes for EPYC processors (planned for November 2025 for Embedded 7003/9005 series).

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through AMD-released patches, BIOS updates for Supermicro motherboards, and Microsoft remediation for Azure ACC.

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : Data Breach AMD138722

Data Exfiltration: True

How does the company recover data encrypted by ransomware ?

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through physical disposal of infected machines.

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Vulnerability AMD1932419101425

Lessons Learned:
  • Incomplete protection mechanisms in hardware security features (e.g., RMP) can create critical attack surfaces.
  • Race conditions during initialization phases of security components (e.g., PSP/RMP) require robust safeguards.
  • Single memory corruption (e.g., 8-byte overwrite in RMP) can fully compromise system-wide integrity and confidentiality.
  • Hypervisor-level attacks can undermine confidential computing guarantees, necessitating defense-in-depth strategies.

What recommendations were made to prevent future incidents ?

Incident : Vulnerability AMD1932419101425

Recommendations:
  • Apply AMD-provided patches and BIOS updates immediately for affected EPYC processors.
  • Cloud providers (e.g., Azure) should prioritize remediation for confidential computing clusters.
  • Implement additional runtime integrity checks for RMP tables to detect tampering.
  • Conduct third-party audits of hardware security mechanisms (e.g., SEV-SNP) to identify design gaps.
  • Monitor for anomalous hypervisor activity that may indicate RMP manipulation attempts.
  • Evaluate compensatory controls (e.g., memory encryption, attestation enhancements) for systems awaiting patches.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are: Incomplete protection mechanisms in hardware security features (e.g., RMP) can create critical attack surfaces. Race conditions during initialization phases of security components (e.g., PSP/RMP) require robust safeguards. A single memory corruption (e.g., 8-byte overwrite in RMP) can fully compromise system-wide integrity and confidentiality. Hypervisor-level attacks can undermine confidential computing guarantees, necessitating defense-in-depth strategies.

References

Where can I find more information about each incident ?

Incident : Vulnerability AMD1932419101425

Source: AMD Security Advisory for CVE-2025-0033

Incident : Vulnerability AMD1932419101425

Source: ETH Zürich Research Paper on RMPocalypse

Incident : Vulnerability AMD1932419101425

Source: Microsoft Azure Advisory on CVE-2025-0033

Incident : Vulnerability AMD1932419101425

Source: Supermicro Security Bulletin

Incident : Vulnerability AMD1932419101425

Source: The Hacker News - 'RMPocalypse: New AMD Flaw Breaks SEV-SNP Confidential Computing Guarantees'

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices in the following sources: AMD Security Advisory for CVE-2025-0033, ETH Zürich Research Paper on RMPocalypse, Microsoft Azure Advisory on CVE-2025-0033, Supermicro Security Bulletin, and The Hacker News - 'RMPocalypse: New AMD Flaw Breaks SEV-SNP Confidential Computing Guarantees'.

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Vulnerability AMD1932419101425

Investigation Status: Ongoing (Patches Released; Embedded Series Fixes Planned for November 2025)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through an AMD security advisory (released Monday) and public disclosure via the ETH Zürich research paper.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Vulnerability AMD1932419101425

Stakeholder Advisories: AMD customers, cloud service providers, enterprise IT administrators, Supermicro motherboard users.

Customer Advisories: Apply firmware updates for affected EPYC processors. Azure customers: Monitor Microsoft advisories for ACC cluster remediation. Review confidential workloads for potential exposure due to SEV-SNP bypass.

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident, addressed to AMD customers, cloud service providers, enterprise IT administrators and Supermicro motherboard users: Apply firmware updates for affected EPYC processors. Azure customers: Monitor Microsoft advisories for ACC cluster remediation. Review confidential workloads for potential exposure due to SEV-SNP bypass.

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Vulnerability AMD1932419101425

Root Causes: Race condition during AMD Secure Processor (PSP) initialization of the RMP table. Inadequate protection of RMP during VM startup, creating a window for corruption. Single memory write vulnerability in RMP leading to system-wide compromise. Design assumption that RMP would be fully protected during initialization proved flawed.

Corrective Actions: AMD patches to eliminate race condition in RMP initialization. BIOS updates for Supermicro motherboards to enforce RMP integrity. Microsoft remediation for Azure ACC clusters to prevent hypervisor-level exploitation. Planned fixes for embedded EPYC series (November 2025).

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as ETH Zürich researchers (Benedict Schlüter, Shweta Shinde).

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: AMD patches to eliminate race condition in RMP initialization. BIOS updates for Supermicro motherboards to enforce RMP integrity. Microsoft remediation for Azure ACC clusters to prevent hypervisor-level exploitation. Planned fixes for embedded EPYC series (November 2025).

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking group in the last incident was the RansomHouse gang.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were Research Information, Financial Information, Internal Network Devices List, Corporate Credentials, Sensitive Information in Confidential Virtual Machines (CVMs), Secrets (100% Success Rate) and Guest Memory Integrity.

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were AMD processors since 2006; AMD Zen architecture CPUs from versions 1 to 4; AMD EPYC™ 7003 Series Processors; AMD EPYC™ 8004 Series Processors; AMD EPYC™ 9004 Series Processors; AMD EPYC™ 9005 Series Processors; AMD EPYC™ Embedded 7003 Series Processors (Fix planned for November 2025); AMD EPYC™ Embedded 8004 Series Processors; AMD EPYC™ Embedded 9004 Series Processors; AMD EPYC™ Embedded 9005 Series Processors (Fix planned for November 2025); Azure Confidential Computing (ACC) AMD-based clusters; and Supermicro motherboards (requiring BIOS updates).

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was ETH Zürich researchers (Benedict Schlüter, Shweta Shinde).

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were AMD-released patches, BIOS updates for Supermicro motherboards and Microsoft remediation for Azure ACC.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Corporate Credentials, Sensitive Information in Confidential Virtual Machines (CVMs), Guest Memory Integrity, Financial Information, Research Information, Secrets (100% Success Rate) and Internal Network Devices List.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Hypervisor-level attacks can undermine confidential computing guarantees, necessitating defense-in-depth strategies.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: Apply AMD-provided patches and BIOS updates immediately for affected EPYC processors. Evaluate compensatory controls (e.g., memory encryption, attestation enhancements) for systems awaiting patches. Cloud providers (e.g., Azure) should prioritize remediation for confidential computing clusters. Conduct third-party audits of hardware security mechanisms (e.g., SEV-SNP) to identify design gaps. Implement additional runtime integrity checks for RMP tables to detect tampering. Monitor for anomalous hypervisor activity that may indicate RMP manipulation attempts.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are Microsoft Azure Advisory on CVE-2025-0033, ETH Zürich Research Paper on RMPocalypse, AMD Security Advisory for CVE-2025-0033, The Hacker News - 'RMPocalypse: New AMD Flaw Breaks SEV-SNP Confidential Computing Guarantees' and Supermicro Security Bulletin.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (Patches Released; Embedded Series Fixes Planned for November 2025).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was AMD Customers, Cloud Service Providers, Enterprise IT Administrators, Supermicro Motherboard Users.

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisory issued was: Apply firmware updates for affected EPYC processors. Azure customers: Monitor Microsoft advisories for ACC cluster remediation. Review confidential workloads for potential exposure due to SEV-SNP bypass.

Latest Global CVEs (Not Company-Specific)

Description

httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd.

Risk Information
cvss4
Base: 8.8
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. In versions 0.15.2 and prior, an RCE vulnerability exists in useMarkdown.ts, where the markdown-it-mermaid plugin is initialized with securityLevel: 'loose'. This configuration explicitly permits the rendering of HTML tags within Mermaid diagram nodes. This issue has not been patched at time of publication.

Risk Information
cvss3
Base: 9.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Description

continuwuity is a Matrix homeserver written in Rust. Prior to version 0.5.0, this vulnerability allows a remote, unauthenticated attacker to force the target server to cryptographically sign arbitrary membership events. The flaw exists because the server fails to validate the origin of a signing request, provided the event's state_key is a valid user ID belonging to the target server. This issue has been patched in version 0.5.0. A workaround for this issue involves blocking access to the PUT /_matrix/federation/v2/invite/{roomId}/{eventId} endpoint using the reverse proxy.

Risk Information
cvss4
Base: 9.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

LangChain is a framework for building LLM-powered applications. Prior to @langchain/core versions 0.3.80 and 1.1.8, and prior to langchain versions 0.3.37 and 1.2.3, a serialization injection vulnerability exists in LangChain JS's toJSON() method (and subsequently when stringifying objects using JSON.stringify()). The method did not escape objects with 'lc' keys when serializing free-form data in kwargs. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. This issue has been patched in @langchain/core versions 0.3.80 and 1.1.8, and langchain versions 0.3.37 and 1.2.3.

Risk Information
cvss3
Base: 8.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Description

LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data contains this key structure, it is treated as a legitimate LangChain object during deserialization rather than plain user data. This issue has been patched in versions 0.3.81 and 1.2.5.

Risk Information
cvss3
Base: 9.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=amd' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.