firmware Archives • Daily CyberSecurity

Critical PCIe 6.0 Flaws Risk Secure Data Integrity via Stale Data Injection in IDE Mechanism PCIe IDE Vulnerability, Stale Data Injection

Critical PCIe 6.0 Flaws Risk Secure Data Integrity via Stale Data Injection in IDE Mechanism

Do Son December 11, 2025

The secure foundations of high-speed data transfer have developed a crack. The CERT Coordination Center (CERT/CC) has...

Critical Supply Chain Flaw: Clevo UEFI Firmware Leaked Intel Boot Guard Private Keys (CVE-2025-11577) Intel Boot Guard Key Leak, Clevo UEFI

Critical Supply Chain Flaw: Clevo UEFI Firmware Leaked Intel Boot Guard Private Keys (CVE-2025-11577)

Do Son October 14, 2025

The CERT Coordination Center (CERT/CC) has issued a warning regarding a critical supply chain vulnerability — CVE-2025-11577...

CVE-2025-30247: Critical Command Injection Flaw in Western Digital My Cloud NAS Devices AI Storage Shortage QLC SSD Demand CVE-2022-29841 WD My Cloud, RCE Vulnerability

AI Storage Shortage QLC SSD Demand CVE-2022-29841 WD My Cloud, RCE Vulnerability

CVE-2025-30247: Critical Command Injection Flaw in Western Digital My Cloud NAS Devices

Do Son September 30, 2025

Western Digital (WD) has patched a critical vulnerability in its My Cloud NAS platforms that could allow...

CVE-2025-57808: ESPHome Web Server Authentication Bypass Exposes Smart Devices ESPHome, authentication bypass

CVE-2025-57808: ESPHome Web Server Authentication Bypass Exposes Smart Devices

Do Son September 2, 2025

The ESPHome project, a popular open-source firmware framework for ESP32- and ESP8266-based smart home devices, has disclosed...

New Firmware Flaw in AMI Aptio UEFI Threatens Persistent System Compromise UEFI firmware, SMM vulnerability

New Firmware Flaw in AMI Aptio UEFI Threatens Persistent System Compromise

Do Son August 18, 2025

A new security vulnerability disclosed by CERT/CC highlights serious risks in AMI Aptio UEFI firmware, which powers...

BadCam: Critical Flaws in Lenovo Linux Webcams Allow Remote BadUSB Attacks and Persistent Infections

Do Son August 12, 2025

Security researchers at Eclypsium have identified critical vulnerabilities in select Lenovo USB webcams that could allow attackers...

CISA Alert: Critical Flaws Expose EG4 Electronics Inverters to Remote Takeover EG4 Electronics, CISA Alert

CISA Alert: Critical Flaws Expose EG4 Electronics Inverters to Remote Takeover

Do Son August 9, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a risk evaluation warning about multiple high-severity...

SMM Vulnerabilities in Gigabyte UEFI Firmware Expose Systems to Stealthy Attacks Gigabyte UEFI, Critical Vulnerabilities

SMM Vulnerabilities in Gigabyte UEFI Firmware Expose Systems to Stealthy Attacks

Do Son July 14, 2025

In a warning issued by CERT/CC, multiple high-impact vulnerabilities have been identified in Gigabyte UEFI firmware that...

iOS 26 Recovery Assistant Unveiled: Wirelessly Restore Your iPhone with Another Apple Device Apple Russia payment suspension iOS 26.3 Proximity Pairing, Apple DMA compliance 2026 Tap to Pay, Apple Pay Wireless charging Always-On Display, iOS 26 iOS 26, EU App APIs Rare Earths, Apple Supply Chain

Apple Russia payment suspension iOS 26.3 Proximity Pairing, Apple DMA compliance 2026 Tap to Pay, Apple Pay Wireless charging Always-On Display, iOS 26 iOS 26, EU App APIs Rare Earths, Apple Supply Chain

iOS 26 Recovery Assistant Unveiled: Wirelessly Restore Your iPhone with Another Apple Device

Do Son June 24, 2025

In iOS 26 Beta 1, Apple introduced a new feature called Recovery Assistant. In the recently released...

Apple Announces Public Betas for iOS 26, macOS Tahoe, and First-Ever AirPods Firmware AirDrop PIN Pairing 30-Day AirDrop Trust iOS 26 downgrade iOS 26 battery drain 5G MacBook, Cellular Mac iOS 26, Communication Safety iOS 26, Wi-Fi Synchronization iOS 26, Wi-Fi Synchronization Apple Redesign Apple Public Betas, AirPods Firmware

AirDrop PIN Pairing 30-Day AirDrop Trust iOS 26 downgrade iOS 26 battery drain 5G MacBook, Cellular Mac iOS 26, Communication Safety iOS 26, Wi-Fi Synchronization iOS 26, Wi-Fi Synchronization Apple Redesign Apple Public Betas, AirPods Firmware

Apple Announces Public Betas for iOS 26, macOS Tahoe, and First-Ever AirPods Firmware

Do Son June 16, 2025

According to an announcement from Apple, the company intends to release the public beta versions of iOS...

Insyde UEFI Flaw (CVE-2025-4275): Secure Boot Bypass Allows Rootkits & Undetectable Malware Insyde UEFI, Secure Boot Bypass CVE-2025-4275

Insyde UEFI Flaw (CVE-2025-4275): Secure Boot Bypass Allows Rootkits & Undetectable Malware

Do Son June 11, 2025

A newly disclosed vulnerability in Insyde H2O UEFI firmware, tracked as CVE-2025-4275, allows attackers to bypass Secure...

UEFI Secure Boot Bypass: Critical Flaw (CVE-2025-3052) Exposes Millions of Devices! UEFI Secure Boot, Critical Vulnerability CVE-2025-3052

UEFI Secure Boot Bypass: Critical Flaw (CVE-2025-3052) Exposes Millions of Devices!

Do Son June 10, 2025

A new high-severity vulnerability discovered by BINARLY REsearch has reignited concerns about the integrity of the UEFI...

AyySSHush: New Stealthy Botnet Backdoors ASUS Routers, Persists Through Firmware Updates AyySSHush Botnet, ASUS Router Attacks

AyySSHush: New Stealthy Botnet Backdoors ASUS Routers, Persists Through Firmware Updates

Do Son May 31, 2025

A new wave of router-based cyberattacks has emerged in the form of a stealthy and persistent botnet...

Critical NETGEAR Router Flaw Enables Full Admin Access via Hidden Backdoor (PoC Included) NETGEAR, Authentication Bypass

Critical NETGEAR Router Flaw Enables Full Admin Access via Hidden Backdoor (PoC Included)

Do Son May 23, 2025

A newly disclosed and highly critical vulnerability, tracked as CVE-2025-4978 with a CVSSv4 score of 9.3, has...

Critical NAS Risk: I-O DATA Flaw with 9.8 CVSS Allows Remote Command Execution I-O DATA, NAS, command injection

Critical NAS Risk: I-O DATA Flaw with 9.8 CVSS Allows Remote Command Execution

Do Son May 16, 2025

Network Attached Storage (NAS) devices have become essential components of both home and business networks, providing centralized...

Critical AMI BMC Vulnerability: Patch Your ASUS Workstation Now ASUS CVE-2025-13348 File Shredder Removal ASUS LPE Flaw CVE-2025-59373 ASUS Armoury Crate vulnerability Asus CVE Numbering Authority - CVE-2024-12912 and CVE-2024-13062 AMI BMC vulnerability, CVE-2024-54085

Critical AMI BMC Vulnerability: Patch Your ASUS Workstation Now

Do Son April 25, 2025

Veteran PC users are likely familiar with encountering messages from American Megatrends International (AMI) during system startup....

Synology NAS: Third-Party Drives Restricted in 2025 Plus Series Synology Chat Server vulnerabilities Synology security update Synology DSM Update NAS Security Vulnerability Synology VPN Update SSL VPN Vulnerability Synology Telnet Flaw DSM Security Update Synology DSM Telnet vulnerability BeeStation Zero-Day, Pwn2Own RCE CVE-2024-11131 & CVE-2024-10442 CVE-2025-2848 Synology, NAS

Synology NAS: Third-Party Drives Restricted in 2025 Plus Series

Do Son April 17, 2025

Synology NAS servers have long been favored by both enthusiasts and enterprises alike. The wide array of...

CVE-2024-11131 (CVSS 9.8): Critical Vulnerability Found in Synology Camera Firmware Synology Chat Server vulnerabilities Synology security update Synology DSM Update NAS Security Vulnerability Synology VPN Update SSL VPN Vulnerability Synology Telnet Flaw DSM Security Update Synology DSM Telnet vulnerability BeeStation Zero-Day, Pwn2Own RCE CVE-2024-11131 & CVE-2024-10442 CVE-2025-2848 Synology, NAS

CVE-2024-11131 (CVSS 9.8): Critical Vulnerability Found in Synology Camera Firmware

Do Son March 19, 2025

Synology has updated its security advisories to disclose details of a critical vulnerability affecting its camera firmware....

CVE-2024-54085: AMI SPx Vulnerability Scores Critical CVSS 10

Do Son March 12, 2025

AMI, a leading provider of BIOS and BMC firmware, has announced security advisories addressing multiple vulnerabilities affecting...