Preface: Intel Xeon W processor UEFI settings differ from consumer Intel Core CPUs, primarily to support enterprise-grade features. Xeon W UEFI (BIOS) includes specialized configurations for ECC RAM management, enhanced virtualization, advanced PCIe lane configuration, and platform-specific stability settings not required for standard desktop systems.

Background: Linux tools can modify fundamental UEFI settings, including variables, boot order, and Secure Boot keys (PK, KEK, db, dbx) using tools like efibootmgr, efitools, and direct /sys/firmware/efi/efivars access. Advanced tools can even modify flash images, though direct firmware flashing is generally manufacturer-dependent.

Strengthening length validation in efivarfs

– before performing memory comparisons to prevent OOB (Out-of-Bounds) access.

Strict Length Match:

Ensure the length of the string to be compared (len)

matches the expected length (name->len) exactly.

Vulnerability details: A potential security vulnerability in UEFI for some Intel Reference Platforms may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerability.

CVE-2025-20096: Improper input validation in the UEFI firmware for some Intel Reference Platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (none), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (high) and availability (high) impacts.

Official announcement: Please refer to the link for details – https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01393.html

Preface: AWS launched Kiro to make it the default entry point for cloud development. When developers open Kiro, it is already pre-configured with deep connections to AWS services (such as Lambda, S3, and Bedrock), making “cloud-native development” an out-of-the-box experience. Since Kiro includes an LLM, Kiro is involved in whatever the developer does. The advantage is that any incorrectly programmed code, Kiro will advise. On the other hand, all programmer thinking will also be learned by Kiro!

Background: Visual studio code capable multi-root workspace over a folder. VS Code that allows you to configure multiple distinct folders to be part of the same workspace. Instead of opening a folder as workspace, you open a <name>[.]code-workspace JSON file that lists all folders of the workspace. In Kiro-IDE, if a user clicks “Trust this Workspace” for the [.]code-workspace file, the IDE may incorrectly extend that trust to all folders listed in the JSON. A threat actor can include a folder they control—containing a malicious [.]kiro/scripts[.]json or [.]vscode/settings[.]json—which then executes with the user’s full permissions because the parent workspace was marked as “trusted.”

Vulnerability details: Improper trust boundary enforcement in Kiro IDE before version 0.8.0 on all supported platforms might allow a remote unauthenticated threat actor to execute arbitrary code via maliciously crafted project directory files that bypass workspace trust protections when a local user opens the directory. To remediate this issue, users should upgrade to version 0.8.0 or higher.

Official announcement: Please refer to the link for more details –

https://nvd.nist.gov/vuln/detail/CVE-2026-4295

Preface: CVE-2026-0032 and CVE-2026-0038 are very similar in terms of their root cause, impact, and remedies, as they both originate from a logical error in the Android kernel memory protection subsystem.

Background: In the Android Virtualization Framework (AVF), all guest operating systems (like the main Android OS and Microdroid) run at EL1, while the actual hypervisor (pKVM) runs at EL2. In Android downstream kernels (especially those for Qualcomm or MediaTek SoCs), the log details containing 0x%llx (a 64-bit hexadecimal address) represent physical memory ranges being transitioned into an isolated state.

This isolation is a critical security layer used to protect high-value hardware components from the main Android OS.

Key Similarities – Both vulnerabilities reside in the mem_protect[.]c file, which is responsible for enforcing memory access boundaries and managing memory protection between different execution environments (like the kernel and the Secure World).

The “similar” nature of these design weakness lies in how the qcom_scm_assign_mem logic was implemented. In both cases, the system failed to properly validate or constrain memory assignment requests, allowing a local attacker to bypass security restrictions.

Vulnerability details:

CVE-2026-0032 In multiple functions of mem_protect[.]c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Primary Driver – Qualcomm SCM (Secure Channel Manager)

CVE-2026-0038In multiple functions of mem_protect[.]c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Primary Driver – Qualcomm SCM / pKVM (Protected KVM)

Official announcement: Please refer to the link for details –  

CVE-2026-0038 – https://nvd.nist.gov/vuln/detail/CVE-2026-0038 CVE-2026-0032 – https://nvd.nist.gov/vuln/detail/CVE-2026-0032

Preface: Quoting the second paragraph of the article: Because FortiOS uses reversible encryption ….

Please see the link for article details – https://www.technadu.com/fortigate-edge-intrusions-lead-to-deep-network-compromise-rogue-workstations/623060/

Using reversible encryption in a firewall—or any security system designed to protect credentials—is considered a major security risk because it essentially stores passwords in a format equivalent to plaintext. Reversible encryption allows the encrypted data to be decrypted back into its original form, meaning if an attacker compromises the system, they can obtain the original credentials, rather than just a non-reversible hash.

Background: In Active Directory (AD), abusing the mS-DS-MachineAccountQuota attribute means that an attacker uses its default value (usually 10) to allow ordinary low-privilege users to create new computer accounts in the domain.

A technique known as Resource-Limited Delegation (RBCD) attack. This is the most common form of abuse. If an attacker has specific privileges (such as GenericWrite) on a target server, they can use ms-DS-MachineAccountQuota to create a fake computer account and set it to “act on behalf of others,” thereby impersonating a domain administrator to log in to the target server.

CVE-2025-59718 and CVE-2025-59719 are critical authentication bypass vulnerabilities (CVSS score 9.8) that stem from improper verification of cryptographic signatures (CWE-347) within Fortinet’s SAML implementation

Why these vulnerabilities exist?

Signature Skipping: An unauthenticated remote attacker can send a specially crafted SAML message that the Fortinet device accepts without properly checking it against the trusted Identity Provider (IdP) certificate.

Improper Validation Logic: Because the system fails to correctly validate the XML Digital Signature, it does not confirm if the message actually came from the legitimate IdP or if it was modified in transit.

Administrative Access: By crafting a SAML response that claims to be from a trusted issuer (like sso.forticloud.com) and asserting a privileged identity (like super_admin), attackers can gain full administrative control over the device without needing a valid password or certificate. 

Official announcement: Please see the link for article details:

CVE-2025-59718 – https://nvd.nist.gov/vuln/detail/CVE-2025-59718

CVE-2025-59719 – https://nvd.nist.gov/vuln/detail/CVE-2025-59719

Remedial action:

-Perform the patch operation as recommended by the supplier.

-Use Powershell, Query accounts that have permissions for a specific object.

Get-DomainObjectAcl -Identity “TargetUser” -ResolveGUIDs | ? {$_.ActiveDirectoryRights -match “GenericWrite”}

-Disabling FortiCloud SSO immediately via the CLI (set admin-forticloud-sso-login disable) or GUI.

-Auditing logs for unauthorized administrative logins, particularly from unfamiliar IP addresses or at unusual times.

Preface: App Groups provide the legal doorway for shared access, while libxpc’s path handling acts as the security guard ensuring no one sneaks a forbidden object through that door while it’s open.

Background: Libxpc is a closed-source system library in Apple iOS (and macOS) that powers the XPC (Cross Process Communication) framework. It enables secure, lightweight communication between different applications and system services, allowing processes to share data and perform tasks on behalf of one another. It is critical for app sandboxing, stability, and system security.

In Apple’s iOS, path handling within the libxpc library is a critical mechanism for ensuring that file paths are securely and accurately managed during communication between different processes.

The primary purposes and functions include: Security & Sandbox Enforcement, Privilege Isolation, Safe Resource Sharing, Service Discovery and Vulnerability Mitigation.

Remark: In system operations, CFNetwork frequently utilizes libxpc to execute specific tasks:

• WebKit Networking: When browsers like Safari load pages, they use the com.apple.WebKit.Networking.xpc component to request resources. This involves CFNetwork communicating via XPC.
• Background Transfers: For background downloads or syncs, CFNetwork interacts with system network daemons through XPC connections to maintain the session while the app is suspended.

Vulnerability detail: A path handling issue was addressed with improved logic. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. A remote user may be able to write arbitrary files.

NVD Published Date: 02/11/2026
NVD Last Modified: 02/13/2026

Official announcement: Please refer to the link for details –

https://nvd.nist.gov/vuln/detail/CVE-2026-20660