ALL POSTS

Key Findings A fundamental vulnerability in the UEFI firmware implementations of certain motherboards from ASRock, ASUS, GIGABYTE, and MSI allows attackers with physical access to bypass operating system security controls. The flaw, which is tracked as CVE-2025-14304, CVE-2025-11901, CVE-2025-14302, and CVE-2025-14303, stems from a discrepancy between what the firmware reports and what it actually does in terms of enabling the Input-Output Memory Management Unit (IOMMU). Desp

Key Findings Zoho Corporation has released an urgent security advisory addressing a critical severity SQL injection vulnerability affecting Analytics Plus on-premise installations. The vulnerability, tracked as CVE-2025-8324, has a CVSS score of 9.8 and allows unauthenticated remote attackers to execute arbitrary SQL queries. Exploitation of this flaw can lead to unauthorized data exposure and, in severe cases, account takeover. Background Zoho Analytics Plus is a widely used