A supply chain failure that compromises Secure Boot protections across numerous computing devices affects more models than initially thought, including ATMs, POS terminals, and voting machines. The issue, now dubbed PKfail, arose from non-production test platform keys used for over a decade by manufacturers like Acer, Dell and HP. The number of affected machines is now thought to stand at 972, almost double the previous estimate of 513. Cryptographic rootkits that undermine system security could potentially be planted on affected devices.

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)
A suspected Chinese advanced persistent threat (APT) group exploited CVE-2025-22457, a previously unexploitable buffer overflow bug, to compromise devices running Ivanti Connect Secure (ICS) and