Cve

A security vulnerability has been identified in specific motherboard models from leading manufacturers such as ASRock, ASUSTeK Computer, GIGABYTE and MSI. This flaw leaves systems susceptible to Direct Memory Access (DMA) attacks during the early boot phase, affecting architectures that implement the Unified Extensible Firmware Interface (UEFI) and Input/Output Memory Management Unit (IOMMU). Early Boot DMA Protection Failure The vulnerability, discovered by Riot Games’ Nick Peterson and Mohamed Al-Sharifi, lies in the UEFI firmware implementation. Although the IOMMU and UEFI are designed to prevent unauthorized access to memory by peripherals, the flaw arises from a discrepancy: the firmware indicates that DMA protection is active, but fails to configure and enable the IOMMU correctly during the critical boot phase. ...

Google released a security update for Chrome on December 10, patching three new vulnerabilities, including a high-severity one that is being actively exploited in the wild. This vulnerability represents the eighth Chrome zero-day exploited in 2025. The High Severity Zero-Day Vulnerability Google has issued a security advisory to address a high severity zero-day vulnerability. At the time of publication, Google has not assigned a CVE (Common Vulnerabilities and Exposures) to this flaw. Instead, it is referenced by Google’s internal tracking ID, 466192044. ...

Security researchers at Oligo Security have discovered five vulnerabilities in Fluent Bit, a lightweight, open-source telemetry agent, that could be chained together to compromise and take control of cloud infrastructures. Fluent Bit is widely used in enterprise environments, and successful exploitation of these flaws could allow attackers to disrupt cloud services, manipulate data, and delve into Kubernetes and cloud infrastructures. Details of Vulnerabilities The identified security flaws allow attackers to bypass authentication, perform path traversal, achieve remote code execution (RCE), cause denial of service (DoS) conditions, and manipulate tags. The five vulnerabilities are detailed below: ...