研究人员发现了两个能完全绕过 Secure Boot 的漏洞利用,而微软在本周二的例行安全更新中只给一个(CVE-2025-3052)打上补丁。CVE-2025-3052 的原因是 DT Research 所售设备主板用于刷固件的工具存在一个高危漏洞。问题模块使用了 Microsoft Corporation UEFI CA 2011 签名,微软在安全补丁中屏蔽了相关工具。第二个漏洞 CVE-2025-47827 与 Linux 内核模块 IGEL 相关,它也使用了微软签名。但微软尚未撤销该签名。
研究人员发现了两个能完全绕过 Secure Boot 的漏洞利用,而微软在本周二的例行安全更新中只给一个(CVE-2025-3052)打上补丁。CVE-2025-3052 的原因是 DT Research 所售设备主板用于刷固件的工具存在一个高危漏洞。问题模块使用了 Microsoft Corporation UEFI CA 2011 签名,微软在安全补丁中屏蔽了相关工具。第二个漏洞 CVE-2025-47827 与 Linux 内核模块 IGEL 相关,它也使用了微软签名。但微软尚未撤销该签名。
The campaign, which security firm Check Point has named Rampant Kitten, comprises two main components, one for Windows and the other for Android. Rampant Kitten’s objective is to steal Telegram messages, passwords, and two-factor authentication codes sent by SMS and then also take screenshots and record sounds within earshot of an infected phone, the researchers said in a post published on Friday.
Spiking bond yields driving sharp losses in tech stocks
A spike in interest rates since the start of the year has accelerated a rotation out of high-growth technology stocks and into value stocks poised to benefit from a reopening of the economy. The Nasdaq has fallen more than 10% over the past month as the Dow has soared to record highs, with a spike in the 10-year US Treasury yield acting as the main catalyst. It recently surged to a cycle high of more than 1.60% after starting the year below 1%. But according to Jim Paulsen, the Leuthold Group's chief investment strategist, rising interest rates do not represent a long-term threat to the stock market. Paulsen expects the 10-year yield to cross 2% by the end of the year.
A spike in interest rates and its impact on the stock market depends on the economic backdrop, according to Paulsen. Rising interest rates amid a strengthening economy "may prove no challenge at all for stocks," Paulsen said.
