Aggregator
UEFI Shell Vulnerabilities Could Allow Hackers to Bypass Secure Boot on 200,000+ Laptops
Hackers can exploit vulnerabilities in signed UEFI shells to bypass Secure Boot protections on over 200,000 Framework laptops and desktops. According to Eclypsium, these vulnerabilities expose fundamental flaws in how modern systems trust boot components, potentially enabling persistent malware infections that evade detection. Disclosed recently to Framework, the issues stem from legitimate diagnostic tools that, […]
The post UEFI Shell Vulnerabilities Could Allow Hackers to Bypass Secure Boot on 200,000+ Laptops appeared first on Cyber Security News.
CVE-2025-25252 | Fortinet FortiOS up to 6.4.16/7.0.16/7.2.10/7.4.6/7.6.2 SSL VPN session expiration (FG-IR-24-487)
CVE-2024-33507 | Fortinet FortiIsolator up to 2.3.4/2.4.4 Cookie session expiration (FG-IR-24-062)
CVE-2025-49201 | Fortinet FortiPAM/FortiSwitchManager HTTP Request weak authentication (FG-IR-25-010)
CVE-2025-25253 | Fortinet FortiPAM/FortiOS/FortiProxy 1.4.1 certificate validation (FG-IR-24-457)
CVE-2025-54973 | Fortinet FortiAnalyzer up to 7.0.13/7.2.10/7.4.6/7.6.2 FortiCloud SSO race condition (FG-IR-25-198)
CVE-2025-58903 | Fortinet FortiOS up to 6.4.16/7.0.17/7.2.12/7.4.8/7.6.3 HTTP Daemon return value (FG-IR-25-653)
CVE-2025-54822 | Fortinet FortiProxy/FortiOS HTTP Request improper authorization (FG-IR-25-684)
CVE-2023-46718 | Fortinet FortiOS/FortiProxy CLI stack-based overflow (FG-IR-23-354)
CVE-2025-22258 | Fortinet FortiSRA HTTP Request heap-based overflow (FG-IR-24-546)
CVE-2024-50571 | Fortinet FortiOS/FortiProxy/FortiManager/FortiAnalyzer heap-based overflow (FG-IR-24-442)
CVE-2024-47569 | Fortinet FortiVoice insertion of sensitive information into sent data (FG-IR-24-228)
Earth's magnetic shield is cracking over the South Atlantic: the weakened-field zone has grown to half the size of Europe
Secure code from the first commit: tools for automated scanning
Wayland, Rust and a broken Flatpak: what you need to know about the new Ubuntu 25.10
SecWiki News 2025-10-14 Review
For more of the latest articles, visit SecWiki
LevelBlue to acquire Cybereason in latest cybersecurity industry consolidation
For Cybereason, the acquisition bookends a turbulent seven-year period that saw the company swing from near-IPO status to dramatic valuation declines and multiple restructurings.
The post LevelBlue to acquire Cybereason in latest cybersecurity industry consolidation appeared first on CyberScoop.