An industry-wide standard that safeguards Windows devices from firmware infections had a vulnerability for around seven months that may have allowed the protection to be bypassed with a simple technique. Microsoft patched the vulnerability on Tuesday; the status of Linux systems remains unknown. The exploit permitted attackers with device access to run harmful firmware during bootup, infecting the device before any OS loaded.

Mandiant warns of attacks on newly-disclosed Ivanti remote takeover threat
Google’s Mandiant team has issued an alert about a remote code execution flaw in the Ivanti Connect Secure VPN platform. The vulnerability, designated CVE-2025-22457, is