---
title: Threat Intelligence Center - Capstone Technologies Group
description: Critical UEFI vulnerabilities (CVE-2025-11901, CVE-2025-14302-14304) enable DMA attacks on major motherboards. Understand the risks and mitigation strategies.
canonical_url: https://captechgroup.com/threat-intelligence-center?start=294
language: en-GB
date: 2025-08-13T00:46:48Z
---


[![Illustration of CVE-2025-14304](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/9ba612b8f5.jpg)](https://captechgroup.com/threat-intelligence-center/new-uefi-flaw-enables-early-boot-dma-attacks-on-as-1767223032-1767223034 "New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards")

Security researchers have discovered critical UEFI vulnerabilities affecting motherboards from ASRock, ASUS, GIGABYTE, and MSI that enable direct memory access (DMA) attacks during the early boot phase. These flaws, tracked as CVE-2025-11901, CVE-2025-14302, CVE-2025-14303, and CVE-2025-14304, pose significant risks to cloud computing environments, data centers, and gaming infrastructure.

[![Illustration of CVE-2025-13915](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/c61196a90a.jpg)](https://captechgroup.com/threat-intelligence-center/ibm-warns-of-critical-api-connect-auth-bypass-vuln-1767220897-1767220898 "IBM warns of critical API Connect auth bypass vulnerability")

IBM has issued a critical security warning regarding an authentication bypass vulnerability in IBM API Connect, tracked as CVE-2025-13915. This vulnerability impacts organizations across banking, healthcare, retail, and telecommunications sectors that rely on API Connect for managing and securing their application programming interfaces.

[![Illustration of Ivanti threat](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/4e31df80e0.jpg)](https://captechgroup.com/threat-intelligence-center/sunken-ships-will-organizations-learn-from-ivanti-epmm-attacks-1767219227 "Sunken Ships: Will Organizations Learn From Ivanti EPMM Attacks?")

Recent Ivanti EPMM attacks leveraging CVE-2025-4427 and CVE-2025-4428 have exposed critical vulnerabilities in enterprise mobility management infrastructure. The FRP threat vector is actively targeting financial services, UK government agencies, hospitals, and telecommunications providers.

[![Illustration of From the Hill: The AI-Cybersecurity Imperative in Financial Services](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/4bd0493b1b.jpg)](https://captechgroup.com/threat-intelligence-center/from-the-hill-the-ai-cybersecurity-imperative-in-financial-services-1767148715 "From the Hill: The AI-Cybersecurity Imperative in Financial Services")

As financial services and housing sectors navigate an increasingly complex threat landscape, the intersection of artificial intelligence and cybersecurity has become a critical policy priority. Industry leaders and government stakeholders are examining how AI capabilities can strengthen defenses while addressing regulatory requirements and operational resilience.

[![Illustration of Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/8b4707d2fe.jpg)](https://captechgroup.com/threat-intelligence-center/experts-confirm-js-smuggler-uses-compromised-sites-to-deploy-netsupport-rat "Experts Confirm JS#SMUGGLER Uses Compromised Sites to Deploy NetSupport RAT")

Security researchers have confirmed that JS#SMUGGLER, a threat actor group, is systematically compromising legitimate websites to serve as distribution vectors for NetSupport RAT, a remote access trojan. This multi-stage attack leverages website vulnerabilities to inject malicious code, enabling attackers to establish persistent access to victim systems.

[![Illustration of Win.Worm.Coinminer::1201](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/1d4930d55b.jpg)](https://captechgroup.com/threat-intelligence-center/adios-2025-you-won-t-be-missed-qilin-and-uat-9686-threat-actors-behind-win-worm-coinminer-campaign-1767147101 "Adios 2025, You Won't Be Missed: Qilin and UAT-9686 Threat Actors Behind Win.Worm.Coinminer Campaign")

The year 2025 concludes with critical insights into coordinated threat actor operations targeting critical infrastructure sectors. Qilin and UAT-9686 orchestrated widespread Win.Worm.Coinminer distribution campaigns, leveraging CVE-2025-59718 and CVE-2025-59719 to compromise systems in automotive, government, and manufacturing industries.

[![Illustration of AMOS](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/4a329f711d.jpg)](https://captechgroup.com/threat-intelligence-center/clickfix-style-attack-uses-grok-chatgpt-for-malware-delivery-1765918358 "ClickFix Style Attack Uses Grok, ChatGPT for Malware Delivery")

Security researchers have identified a sophisticated attack campaign that exploits AI language models including Grok and ChatGPT to facilitate malware distribution. This ClickFix-style attack leverages AMOS malware and osascript execution to compromise systems at scale. The threat actors use AI-generated social engineering content to increase success rates while automating delivery mechanisms.
