CVE-2026-7413 Persistent undocumented backdoor access in Yarbo robot

A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated or weakly authenticated access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary firmware updates...

CVE-2025-34503 Shuffle Master Deck Mate 1 Unauthenticated EEPROM Firmware Execution

Deck Mate 1 executes firmware directly from an external EEPROM without verifying authenticity or integrity. An attacker with physical access can replace or reflash the EEPROM to run arbitrary code that persists across reboots. Because this design predates modern secure-boot or signed-update...

China-linked Hackers Targeting Unpatched SonicWall SMA Devices with Malware

A suspecting China-linked hacking campaign has been observed targeting unpatched SonicWall Secure Mobile Access SMA 100 appliances to drop malware and establish long-term persistence. "The malware has functionality to steal user credentials, provide shell access, and persist through firmware...

PT-2022-25306 · Unknown · Overclocksmihandler

Name of the Vulnerable Software and Affected Versions: OverClockSmiHandler affected versions not specified Description: An attacker can exploit this issue to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than the...