About the Speaker
< Talk Abstract />
This talk explores how modern computer processors are highly complex systems. At their core, they execute a sequence of instructions and store results in memory. Just as the Meltdown and Spectre vulnerabilities exposed critical flaws in modern processors, our newly discovered vulnerability (CVE-2025-21533) in Oracle VM VirtualBox exposes a security risk in affected versions prior to 7.0.24 and 7.1.6. The flaw is located in the core virtualization component and allows a low-privileged attacker with local access to exploit a speculative store bypass, potentially leading to unauthorized access to sensitive data.
Successful exploitation could grant attackers access to critical information processed within VirtualBox environments. CVE-2025-21533 (aka “Speculative Store Bypass”) opens a new avenue (like branch misprediction) that has been exploited via speculative execution and cache-based side-channel methods to bypass security measures and access privileged memory in Oracle VM VirtualBox.
This vulnerability was responsibly disclosed to the Oracle security team and is currently being analysed for a fix. This talk emphasizes the importance of securing core virtualization modules and demonstrates how proactive research can uncover and address critical risks in widely used virtualization platforms. Attendees will gain valuable insights into virtualization technology, side-channel effects and the significance of vulnerability research.
< Speaker Bio />
Sahithi Rajasekaran
Sahithi R is a Product Reliability Engineer at Visa Inc., in Bengaluru, India. With a background in Information Science and Engineering, and hands-on experience in ensuring platform reliability and infrastructure stability at scale, she works closely with global teams to maintain and enhance the security posture of financial systems. She is passionate about system observability, incident response, and the intersection of security and operations (SecOps).
Outside of work, Sahithi has a keen interest in practicing yoga and pranayama, and in basketball. She is enthusiastic about AI and system design, and about learning from the global security community and contributing to innovation in tech ecosystems.
Kandi Abhishek Reddy
I am Kandi Abhishek Reddy, a graduate of Amrita Vishwa Vidyapeetham, Bangalore, with a specialization in Computer Science and Electronics Engineering. Currently, I work as a security researcher with Team bi0s, India's top-ranked Capture the Flag (CTF) team and cybersecurity research community, as well as a full-time software engineer at NOKIA as a subcontractor.
I have a strong focus on and interest in binary exploitation and digital forensics. I have many accomplishments through hands-on experience in CTF competitions, where I have achieved significant milestones. Additionally, I have successfully identified and reported vulnerabilities to Microsoft, contributing to real-world security improvements.
Passionate about continuous learning, I am always seeking new challenges and opportunities to grow in the rapidly evolving fields of cybersecurity and technology.