Fiedler, Carina; Juffinger, Jonas; Sudheendra, Raghav Neela; Heckel, Martin; Weissteiner, Hannes; Yağlıkçı, Abdullah Giray; Adamsky, Florian; Gruss, Daniel (2026)
Network and Distributed System Security (NDSS) Symposium.
Rowhammer bit flips in DRAM enable software attackers to fully compromise a great variety of systems. Hardware mitigations can be precise and efficient but suffer from long deployment cycles and very limited or no update capabilities. Consequently, refined attack methods have repeatedly bypassed deployed hardware protections, repeatedly leaving commodity systems vulnerable to Rowhammer attacks.
In this paper, we present Memory Band-Aid, a principled defense-in-depth against Rowhammer. Memory Band-Aid is no replacement for long-term, efficient hardware mitigations but a defense-in-depth that is activated when hardware mitigations are discovered to be insufficient on a specific system generation. For this purpose, Memory Band-Aid introduces per-thread and per-bank rate limits for DRAM accesses in the memory controller, ensuring that the minimum number of row activations for Rowhammer bit flips cannot be reached. We implement a proof-of-concept of Memory Band-Aid on Ubuntu Linux and test it on 3 Intel and 3 AMD systems. In a micro-benchmark to cause DRAM pressure, we observe a slowdown of up to a factor of 5.2. In a collection of realistic Phoronix macro-benchmarks, we observe a low overhead of 0 % to 9.4 %. Both overheads only apply to untrusted throttled workloads, e.g., sandboxes, for instance in browsers. Especially as Memory Band-Aid can be enabled on demand, we conclude that Memory Band-Aid is an important defense-in-depth that should be deployed in practice as a second defense layer.
Heckel, Martin; Sayadi, Nima; Juffinger, Jonas; Fiedler, Carina; Gruss, Daniel; Adamsky, Florian (2026)
Network and Distributed System Security (NDSS) Symposium.
Rowhammer is a disturbance error in Dynamic Random-Access Memory (DRAM) that can be deliberately triggered from software by repeatedly reading, i. e., hammering, proximate memory locations in different DRAM rows. While numerous studies evaluated the Rowhammer effect, in particular how it can be triggered and how it can be exploited, most studies only use a small sample size of Dual In-line Memory Modules (DIMMs). Only few studies provided indication for the prevalence of the effect, with clear limitations to specific hardware configurations or FPGA-based experiments with precise control of the DIMM, limiting how far the results can be generalized.
In this paper, we perform the first large-scale study of the Rowhammer effect involving 1 006 data sets from 822 systems. We measure Rowhammer prevalence in a fully automated cross-platform framework, FLIPKIT, using the available state-of-the-art software-based DRAM and Rowhammer tools. Our framework automatically gathers information about the DRAM and uses 5 tools to reverse-engineer the DRAM addressing functions, and based on the reverse-engineered functions uses 7 tools to mount Rowhammer. We distributed the framework online and via USB thumb drives to thousands of participants from December 30, 2024, to June 30, 2025. Overall, we collected 1 006 datasets from systems with various CPUs, DRAM generations, and vendors. Our study reveals that out of 1 006 datasets, 453 (371 of the 822 unique systems) succeeded in the first stage of reverse-engineering the DRAM addressing functions, indicating that successfully and reliably recovering DRAM addressing functions remains a significant open problem. In the second stage, 126 (12.5 % of all datasets) exhibited bit flips in our fully automated Rowhammer attacks. Our results show that fully-automated, i. e., weaponizable, Rowhammer attacks work on a lower share of systems than FPGA-based and lab experiments indicated but with 12.5 % enough to be a practical vector for threat actors. Furthermore, our results highlight that the two most pressing research challenges around Rowhammer exploitability are more reliable reverse-engineering addressing functions, as 50 % of datasets without bit flips failed in the DRAM reverse-engineering stage, and reliable Rowhammer attacks across diverse processor microarchitectures, as only 12.5 % of datasets contained bit flips. Addressing each of these challenges could double the number of systems susceptible to Rowhammer and make Rowhammer a more pressing threat in real-world scenarios.
Schaaf, Jannik; Neff, Michaela; Scheidt, Jörg; Storf, Holger (2025)
Orphanet Journal of Rare Diseases 20, 614.
DOI: 10.1186/s13023-025-04140-1
Rare diseases affect a small percentage of the population, leading to challenges such as delayed diagnoses and limited treatment options. Mobile health technologies offer solutions to improve patient outcomes, yet their application in rare diseases remains underexplored. The German citizen science project SelEe created a customizable app for the self-management of rare diseases through a co-creation process that involved patients with such conditions.
The project consisted of three phases. In Phase 1, 9 to 68 patients or relatives of patients participated in workshops to define research topics and app requirements. Phase 2 involved a core research team of nine patients and researchers who iteratively developed the app, released in March 2023. Phase 3 focused on evaluating the app’s usage and usability through an in-app survey conducted from March 2023 to February 2024. We utilized descriptive statistics to evaluate app usage and employed the mHealth App Usability Questionnaire to assess usability.
The SelEe app offers the possibility to create and store data in a personalized health diary. Patients can create their own templates or use templates which were defined by the core research team. Users can record findings (e.g. blood test results) and export data using different graphs and formats. Furthermore, the app supports blind users. The app was downloaded 3040 times and 1456 users registered, with 1967 unique diseases entered. 50.7% of the diseases were rare, 30.5% non-rare, and 18.8% were classified as suspected, undefined, or symptoms. A total of 1223 valid user profiles were analyzed for app usage and demographics. Furthermore, 432 users qualified for the in-app survey by making at least one health diary entry, and 117 participated. The app was rated with an overall usability score of 5.19 out of 7. While the app’s health diary function was frequently used, other functionalities like findings and data export were less utilized. Feedback highlighted the need for improved usability and additional features.
The study highlights active patient engagement in developing a mobile health app for individuals with rare diseases. Although improvements are necessary for broader acceptance, the app is promising for the management of rare diseases.
Röckl, Jonas; Funk, Julian; Müller, Tilo (2025)
The 30th Nordic Conference on Secure IT Systems (NordSec 2025) 2025, 1-20.
We introduce WireTrust, a VPN architecture for ARMv8-A devices that leverages ARM TrustZone to mitigate OS-level vulnerabilities. Contrary to commodity VPNs, WireTrust does not rely on the security of the OS, its network stack, or its routing tables to provide a secure VPN full tunnel. WireTrust operates transparently to applications on the device and enforces that all IP traffic is routed exclusively through the VPN tunnel, blocking attempts to bypass it even if the OS has been compromised. WireTrust ensures that packets outside the tunnel are discarded before they reach the OS, significantly reducing the device’s attack surface that is exposed to the public internet. Extending the WireGuard VPN, we implement a proof of concept on real hardware, show that WireTrust's additions to the trusted computing base account for 6.61%, and measure a performance penalty of 2.12% - 5.50% on TCP throughput and 1.40% on latency compared to stock WireGuard.
Wagener, Andreas (2025)
In: Stumpf, Marcus (ed.). Die 10 wichtigsten Zukunftsthemen im Marketing, pp. 163 - 184.
AI in marketing, machine learning methods, possible applications of AI in marketing, in particular also of generative AI
Peinl, René; Tischler, Vincent (2025)
Future Technologies Conference (FTC), November 6-7, 2025, Munich, Germany 2025.
This paper introduces a novel benchmark dataset designed to evaluate the capabilities of Vision Language Models (VLMs) on tasks that combine visual reasoning with subject-specific background knowledge in the German language. In contrast to widely used English-language benchmarks that often rely on artificially difficult or decontextualized problems, this dataset draws from real middle school curricula across nine domains including mathematics, history, biology, and religion. The benchmark includes over 2,000 open-ended questions grounded in 486 images, ensuring that models must integrate visual interpretation with factual reasoning rather than rely on superficial textual cues. We evaluate thirteen state-of-the-art open-weight VLMs across multiple dimensions, including domain-specific accuracy and performance on adversarial crafted questions. Our findings reveal that even the strongest models achieve less than 45% overall accuracy, with particularly poor performance in music, mathematics, and adversarial settings. Furthermore, the results indicate significant discrepancies between success on popular benchmarks and real-world multimodal understanding. We conclude that middle school-level tasks offer a meaningful and underutilized avenue for stress-testing VLMs, especially in non-English contexts. The dataset and evaluation protocol serve as a rigorous testbed to better understand and improve the visual and linguistic reasoning capabilities of future AI systems.
Bruns, Nora; Brensing, Pia; von der Heiden, Linda; Dohna-Schwake, Christian; Schwarz, Simone; Wagner, Johanna; Huessler, Eva-Maria; Nonnemacher, Michael; Neumann, Anja; Valbert, Frederik; Neusser, Silke; Peter, Roman; Reinel, Dirk; Scheidt, Jörg; Siebenhaar, Yannic; Drescher, Johannes; Wogenstein, Florian; Hoerster, Laura; Schoppen, Berit; Abdin, Ala E.; Marx, Sven; May, Petra; Hüsing, Annika; Stang, Andreas; Heinen, Florian; Bonfert, Michaela (2025)
Trials 26 (454).
DOI: 10.1186/s13063-025-09240-8
Traumatic brain injury (TBI) is one of the most important pediatric conditions worldwide. In Germany, hospitalization rates for mild TBI drastically exceed hospitalization rates from similar healthcare systems.
The SaVeBRAIN.Kids trial will implement and test a novel care pathway (nCP) for evidence-based standardized risk assessment, structured observation in the emergency department (ED) for several hours, and technology-supported home monitoring with the aim to reduce hospitalizations. This non-inferiority multicenter study will be carried out using a cluster-randomized stepped-wedge design, with all centers starting in the control phase and sequentially transitioning to the intervention. Eligible participants (age ≥ 3 months and < 18 years) must present within 48 h of head injury, have minimal symptoms (Glasgow coma scale ≥ 14), and no risk factors for intracranial complications. The co-primary outcomes are the relative risk of hospitalization and the proportion of unplanned re-visits within 72 h of presentation to the ED for ambulatory cases. Secondary outcomes include clinical safety measures, cost-effectiveness, and process evaluation. Based on power calculations (α = 0.05, power = 0.9), 1390 patients will be recruited over 12 months.
The SaVeBRAIN.Kids trial addresses a relevant healthcare challenge by testing a new approach to pediatric mild TBI management in Germany. It aligns with current evidence while accounting for the country’s specific healthcare context. If successful, the intervention could substantially reduce unnecessary hospitalizations and free inpatient capacities while preserving patient safety.
German Clinical Trials Registry (DRKS00035623). Registered on January 21, 2025.
Zöllner, Michael; Krause, Moritz; Groth, Christian; Kniesburges, Stefan; Döllinger, Michael (2025)
iWOAR 2025 - 10th international Workshop on Sensor-Based Activity Recognition and Artificial Intelligence.
Wagener, Andreas (2025)
Wagener, Andreas (2025)
Bauer, Matthias Johannes / Naber, Tom (eds.). Menschen, Marken, Moshpits. Wirtschaftliche und kommunikative Aspekte von Open-Air-Veranstaltungen am Beispiel von Metal-Festivals in Deutschland. pp. 319 – 347, Utzverlag, Munich, 2025, https://hdl.handle.net/10419/320412, ISBN 978-3-8316-5065-1, ISBN E-Book (ePDF): 978 3 8316 7820 4.
Hardly any term in the context of digital marketing is likely to have received as much attention recently as the "metaverse". The convergence of the virtual and physical worlds that it describes can enable new business models and has the potential to turn conditions in digital markets upside down, even if some hurdles currently still have to be overcome. It seems advisable here to move away from overly one-sided, dogmatic visions of the goal. For alongside visions of the future that are in part very abstract, numerous implemented use cases already exist today that come very close to the intended fusion of the two spheres.
Not least in the entertainment segment, and for instance also in the context of gaming, development is particularly far advanced. On gaming platforms such as Fortnite, Minecraft or Roblox, millions of people meet virtually, naturally to play, but increasingly also as part of events. Within self-contained virtual worlds such as Sandbox or Decentraland, festivals and events are staged in line with our physical reality, with the aim of ensuring an experience that is as "immersive" as possible, that is, one that corresponds to analog impressions and habits.
The music industry has also discovered this playground for itself: as early as 2019, the US producer and DJ Marshmello performed live, "digitally", on the online game platform Fortnite and played a concert in front of 10 million "virtually" present spectators. In 2020, Travis Scott extended this record to 27.7 million users. In the same year, a virtualized Lil Nas X played on Roblox and generated 33 million unique viewers (Regan, 2021). In addition to these gaming platforms, there is now a whole range of virtual event locations, from the specialist provider Ceek.io, which offers concerts by Bon Jovi and Lady Gaga, to Meta (Facebook), which staged the Foo Fighters for an immersive concert on a virtual reality stage on the occasion of the Super Bowl in 2022 (WuV, 2022).
Although such virtual performances have so far concentrated on the musical mainstream, the metaverse also offers opportunities for the varieties of metal, on both the organizer and the artist side. Concerts and entire festivals could be moved into the metaverse or accompanied by parallel virtual events. Merchandise and music can be sold both in analog form and (additionally) digitally, for example as NFTs, in the virtual sphere. And backstage and VIP experiences could also be reproduced virtually, in line with analog customs.
This contribution is devoted conceptually, on the basis of an ethnographic-technical analysis, to the opportunities that open up in the metaverse for the event and music industry, and in particular for the metal segment and the relevant festivals. Specifically, it examines what innovation potential virtual worlds offer the industry, which approaches are already successful, and which success factors exist for virtual events, the trade in corresponding merchandise and sustainable branding. What obstacles have to be overcome in order to operate successfully in virtual spheres? And how can existing business models be enriched virtually or transferred?
Wagener, Andreas (2025)
El Maleq, Amine / Uygun, Ferhat. Bildung. Chancen. Wandel (eds.) #1, 07/2025, pp. 13-16, https://www.bfa-jugend.de/_files/ugd/e44443_de44993016b64c50ad6ba426f44497f2.pdf, ISSN (Print): 3052-8178 2025 (1), 13-16.
Turning to ChatGPT and the like simplifies many things in everyday life. It is uncomplicated and an obvious choice to have texts in particular written by generative AI, or to use it to create summaries of complex and long articles, especially when time and attention are limited. But are we becoming too complacent as a result? Are we letting our grey cells wither away? Or do such questions fail to recognize the potential of the technology? And which skills will we still need in the future at all?
Schaller, Thomas; Fleischmann, Albert (2025)
S-BPM 2025 conference proceedings, published by Springer Verlag.
This paper presents an extension of the Subject-oriented Business Process Management (S-BPM) methodology to integrate organizational structures and agent assignment mechanisms. While S-BPM offers a robust framework for modeling business processes based on the Parallel Activity Specification Schema (PASS), it lacks explicit constructs for associating organizational agents—such as humans, machines, or services—with process subjects. To address this gap, we propose an enhancement of the S-BPM methodology by incorporating an external organizational model and an Organizational Query Language (OQL) interface. This extension enables fine-grained specification of process initiation permissions, dynamic assignment of agents to subjects, and direct derivation of access rights to business objects from process models. Our approach leverages an organization model server to evaluate OQL expressions at runtime, supporting context-sensitive and rule-based agent selection. We demonstrate how these enhancements facilitate advanced organizational scenarios, such as context-dependent approval processes and multi-agent assignments. By embedding access rights directly into process models, our solution eliminates the need for traditional access control lists. This integration significantly improves automation, compliance, and maintainability in enterprise environments.
Wagener, Andreas (2025)
With Tanja Ehret. In: CareTRIALOG, 25.06.2025, https://www.caretrialog.de/ki-ist-kein-selbstlaeufer-aber-ein-moeglichmacher.
Artificial intelligence is currently on everyone's lips, between innovation hype and growing skepticism. At the bpa Care about Innovation days, Prof. Dr. Andreas Wagener will be represented twice: with a keynote on the tension between AI and sustainability, and with a practice-oriented workshop that teaches beginners how to work with generative AI in concrete terms.
In the interview, he talks about the opportunities and challenges of the technology and explains why the social economy in particular has special potential to benefit from AI.
Heckel, Martin; Weissteiner, Hannes; Adamsky, Florian; Gruss, Daniel (2025)
30th European Symposium on Research in Computer Security (ESORICS).
This paper systematically analyzes 32 offensive Rowhammer papers, including 48 experiments. However, we avoid finger-pointing but identify 6 threats to the validity and relevance of Rowhammer research results and give multiple examples. The threats include small sample sizes, over-estimated attacker capabilities, unrealistic attack scenarios, non-comparability of the results, age and wear of hardware, and sub-optimal attack performance metrics. Additionally, we provide recommendations with detailed justification to the scientific community to mitigate those threats: (1) pre-experimental testing of DIMM integrity, (2) increasing and broadening the DIMM sample size, (3) expanding reproduction studies of published work, (4) defining attacks in real-world conditions and distinguishing them from theoretical ones, (5) publishing DIMM manufacturing data, (6) documenting DIMM wear, and (7) leveraging multiple metrics for bit flip evaluations.
Peinl, René; Eren, Özgür (2025)
11th International Conference of the Immersive Learning Research Network (iLRN2025), June 16-19, 2025, Chicago, IL, United States 2025.
Virtual reality has proven to be a valuable addition in the tool belt of teachers. Immersive learning environments are applied in various settings, including, but not limited to the medical and nursing domain. In this study we present “We care in VR”, a simulation for practicing nursing tasks for care at home, a part of nursing that is currently underrepresented in available VR applications. We investigate how realistic interactions are perceived by end users compared to consistent usage of buttons on the controllers and how they affect the ease of use of the simulation. We conduct an empirical study with 50 participants from three vocational schools of nursing and a university of applied sciences. Results suggest that our simulation already works quite well and is accepted by the target group, but still needs improvement regarding ease of use, especially for users without any previous experience with VR applications.
Wagener, Andreas (2025)
Weissenberger-Eibl, Marion (ed.). Zukunftsgestalter Deutschland, pp. 205 – 226. Springer Gabler, Berlin, Heidelberg.
DOI: 10.1007/978-3-662-70324-3_12
In the recent past, there has been much discussion about the effects of digitalization on politics and democracy. At the same time, a global cycle of crises is weakening trust in the political capacity to act. This contribution examines what alternatives the digital transformation could offer for the formation of societal will. It identifies fields of action for digitalized politics at the regional and global level as well as possible approaches to solutions. Technologies such as AI, distributed ledger methods and virtual reality can support information processing in the run-up to political decisions and the strengthening of civic participation. Furthermore, they hold the potential to bring about profound changes in political systems by delegating human tasks to technical systems. This results in a fine line between utopia and dystopia when expectations of efficiency meet questions of democratic legitimacy.
Wagener, Andreas (2025)
16. Deutscher Marketing Excellence Tag 2025: Künstliche Intelligenz im Marketing: Vom Hype zur Realität, 15.05.2025.
Wagener, Andreas (2025)
International Teaching Week Hof 2025.
Peinl, René (2025)
9th International Conference on Advances in Artificial Intelligence (ICAAI 2025), November 15-16, 2025 in Manchester, UK 2025.
This study examines how Large Language Models (LLMs) can reduce biases in text-to-image generation systems by modifying user prompts. We define bias as a model's unfair deviation from population statistics given neutral prompts. Our experiments with Stable Diffusion XL, 3.5 and Flux demonstrate that LLM-modified prompts significantly increase image diversity and reduce bias without the need to change the image generators themselves. While occasionally producing results that diverge from original user intent for elaborate prompts, this approach generally provides more varied interpretations of underspecified requests rather than superficial variations. The method works particularly well for less advanced image generators, though limitations persist for certain contexts like disability representation. All prompts and generated images are available at https://iisys-hof.github.io/llm-prompt-img-gen/
Wolff, Dietmar (2025)
ForumPflege LIVE, Bayerisches Rotes Kreuz, online 30.04.2025.
Hochschule für Angewandte Wissenschaften Hof
Alfons-Goppel-Platz 1
95028 Hof
T +49 9281 409 - 4690
valentin.plenk[at]hof-university.de