--- title: "Dell Laptop Vulnerable, Zero-Trust Migration Pending, WSU Threat Surge | DMARC Report" description: "ReVault flaws in Dell ControlVault3 firmware put Latitude and Precision laptops at risk. Plus federal zero-trust progress and the WSU cyberattack surge." image: "https://dmarcreport.com/og/blog/dell-laptop-vulnerable-zero-trust-migration-pending-wsu-threat-surge.png" canonical: "https://dmarcreport.com/blog/dell-laptop-vulnerable-zero-trust-migration-pending-wsu-threat-surge/" --- Quick Answer ReVault is a set of vulnerabilities disclosed in August 2025 affecting the Broadcom BCM5820X security chip in Dell ControlVault3 firmware on Latitude and Precision laptops. The flaws let attackers read biometric data and credentials, and persist on the device even after a full Windows reinstall. This roundup also covers the federal zero-trust migration still under consideration in the Trump administration, and the surge in cyberattacks at Washington State University. Related: [Free DMARC Checker](/tools/dmarc-checker/) ·[How to Create an SPF Record](/tools/spf-record-generator/) ·[SPF Record Format](/blog/spf-format-checker-dos-and-donts-for-email-authentication/) Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fdell-laptop-vulnerable-zero-trust-migration-pending-wsu-threat-surge%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Dell%20Laptop%20Vulnerable%2C%20Zero-Trust%20Migration%20Pending%2C%20WSU%20Threat%20Surge&url=undefined%2Fblog%2Fdell-laptop-vulnerable-zero-trust-migration-pending-wsu-threat-surge%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fdell-laptop-vulnerable-zero-trust-migration-pending-wsu-threat-surge%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fdell-laptop-vulnerable-zero-trust-migration-pending-wsu-threat-surge%2F&title=Dell%20Laptop%20Vulnerable%2C%20Zero-Trust%20Migration%20Pending%2C%20WSU%20Threat%20Surge "Share on Reddit") [ ](mailto:?subject=Dell%20Laptop%20Vulnerable%2C%20Zero-Trust%20Migration%20Pending%2C%20WSU%20Threat%20Surge&body=Check out this article: undefined%2Fblog%2Fdell-laptop-vulnerable-zero-trust-migration-pending-wsu-threat-surge%2F "Share via Email") ![Dell Laptop Vulnerable, Zero-Trust Migration Pending, WSU Threat Surge](https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg) \*\*Dell Laptop Vulnerable, Zero-Trust Migration Pending, WSU Threat Surge Dell Laptop Vulnerable, Zero-Trust Migration Pending, WSU Threat Surge > From a product strategy perspective, DMARC reporting is evolving from a security tool to a business intelligence platform, says Brad Slavin, General Manager of DuoCircle. The data in aggregate reports tells you not just who’s spoofing you, but who’s sending legitimate email on your behalf - and whether they’re doing it correctly. Play EpisodePause Episode Mute/Unmute EpisodeRewind 10 Seconds1xFast Forward 30 seconds 00:00/2:24 RSS Feed Share \[ \]( Laptop Vulnerable, Zero-Trust Migration Pending, WSU Threat Surge)\[ \]( Laptop Vulnerable, Zero-Trust Migration Pending, WSU Threat Surge)\[ \]() Link Embed /\*! This file is auto-generated \*/ ” class=“input-embed input-embed-31811”/> Hola people! August is here, and so are we! Once again, we bring to you a fresh dose of cybersecurity news to help you combat the increasing threat of cyberattacks. Our ultimate goal is to make you aware of the [cyber threats](https://www.cybersecuritydive.com/news/iran-cyberattacks-warning-us-government-israel-war/751963/) that are currently circulating. The only way you can safeguard your sensitive data from these sophisticated cybercrooks is to educate yourself about the latest [cybersecurity](https://dmarcreport.com/blog/how-to-educate-or-train-employees-on-cybersecurity/) trends. This week, we are going to discuss the Dell laptop vulnerabilities, the zero-trust initiative being pushed by the **US government**, and the increased instances of [cyberattacks](https://www.bbc.com/news/articles/cd6nyng861wo) at WSU. So stay with us and keep reading to secure your data ! ![What is dmarc](https://media.mailhop.org/dmarcreport/images/2025/08/what-is-dmarc-6477.jpg) ## Your Dell laptop can be prone to cybersecurity attacks! If you are a government official, working professional, or cybersecurity expert and own a Dell laptop, here’s something you must know! Millions of Dell laptops, especially those from the Latitude and Precision series, are prone to serious cyber threats. Cybercrooks target the **Broadcom BCM5820X security chip**, which is embedded in [Dell’s ControlVault3 firmware](https://www.dell.com/support/home/en-in/drivers/driversdetails?driverid=63p64). The vulnerabilities, also known as ReVault, enable the [threat actors](https://www.nbcnews.com/tech/security/us-treasury-says-computers-hacked-chinese-threat-actor-rcna185809) to gain easy access to your [biometric data](https://apnews.com/article/chile-us-biometric-data-criminal-homeland-security-noem-941d6e040a920cd453ab5ec2fa7ff021), passwords, and other sensitive details. As of 2025, DMARC is mandatory under multiple compliance frameworks. [CISA BOD 18-01](https://www.cisa.gov/news-events/directives/bod-18-01) requires p=reject for US federal domains. [PCI DSS v4.0](https://www.pcisecuritystandards.org/) mandates DMARC for organizations processing payment card data as of March 2025\. Google and Yahoo require DMARC for bulk senders (5,000+ messages/day) since February 2024, and [Microsoft began rejecting](https://learn.microsoft.com/en-us/defender-office-365/email-authentication-dmarc-configure) non-compliant email in May 2025\. The UK [NCSC](https://www.ncsc.gov.uk/collection/email-security-and-anti-spoofing), Australia’s [ASD](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-email), and Canada’s [CCCS](https://www.cyber.gc.ca/en/guidance/implementation-guidance-email-domain-protection) all mandate DMARC for government domains. Cyber insurers increasingly require DMARC enforcement as an underwriting condition. ![Dmarc check](https://media.mailhop.org/dmarcreport/images/2025/08/dmarc-check-7731.jpg) Experts believe that the consequence of the [ReVault attack on Dell laptops](https://www.darkreading.com/vulnerabilities-threats/revault-security-flaws-dell-laptops) can be severe. The most concerning part about ReVault vulnerabilities is that the device tends to stay compromised even after a complete reinstallation of Windows. _ReVault also enables threat actors to cause physical attacks on the compromised device_. If a threat actor manages to gain physical access to your Dell laptop for a brief period of time, they can conveniently open the chassis and then access the \*\*USH board with the help of a custom connector. A compromised Dell laptop with tampered ControlVault firmware can also be configured in a way that it accepts faulty [fingerprint authentications](https://www.biometricupdate.com/202507/new-high-scores-in-fingerprint-biometrics-accuracy-for-dermalog-roc-innovatrics). Researchers have \*\*literally used spring onions to unlock a compromised laptop. Dell has taken cognizance of the sensitive issue and is working actively with Broadcom to develop firmware updates soon. Dell has already notified its customers about the **security concerns**. It has also been releasing security patches regularly to keep the users safe. ![Dmarc analyzer](https://media.mailhop.org/dmarcreport/images/2025/08/dmarc-analyzer-5371.jpg) ## Zero-trust migration is still under consideration to limit threat attack damages The [zero-trust network designs](https://www.cybersecuritydive.com/news/government-zero-trust-migration-black-hat/756985/) gained popularity during the Biden administration. But the initiative is still being considered under the Trump administration. Government agencies are still being encouraged to deploy the zero-trust system . According to Michael Duffy, the acting federal chief of information security, implementing [artificial intelligence](https://news.sap.com/latinamerica/2025/06/embracing-artificial-intelligence-a-transformative-journey-for-latin-america/) in day-to-day operations should be backed by a zero-trust system to ensure complete cybersecurity. Basically, this system creates multiple obstacles for the [cybercrooks](https://www.csoonline.com/article/4032743/cybercrooks-faked-microsoft-oauth-apps-for-mfa-phishing.html) who manage to break into your device. These hurdles significantly limit the extent of damage by quarantining crucial parts of the network and require a **stringent authentication process**. ![Dmarc record](https://media.mailhop.org/dmarcreport/images/2025/08/dmarc-record-3741.jpg) Duffy said that even though the Biden administration is no longer there, [zero-trust architecture](https://www.carriermanagement.com/news/2025/07/25/277781.htm) continues to be an important part of ongoing cybersecurity measures. _The Trump administration sees potential in certain cyber priorities that Biden tried to incorporate during his tenure_. ## WSU witnesses a sudden rise in threat attacks just before financial aid disbursements! The [Washington State University (WSU)](https://en.wikipedia.org/wiki/Washington%5FState%5FUniversity) is experiencing a sudden spike in the instances of cyberattacks just ahead of the **financial aid disbursements**. As a result, the [Information Technology Services (ITS)](https://www.coursera.org/articles/what-is-information-technology) at WSU has boosted its security efforts. ITS has been deploying improved login as well as authentication processes in order to combat [phishing attacks](https://www.infosecurity-magazine.com/news/mobile-phishing-attacks-surge-16/) and account takeover risks. These security measures may lead to certain changes in the login process for the WSU community members. _They have stated that there is nothing to worry about this minor change in the login process and that it’s just a part of the boosted security protocols_. This is not the first time that cybercrooks have targeted an educational institute. According to Educause, the US has been experiencing a sudden spike in financial aid fraud. Upto 2020, the annual financial aid fraud would result in losses of under [$10 million](https://www.newsbreak.com/dailyfly-news-287279308/4160067766640-cybersecurity-threats-spike-at-wsu-ahead-of-financial-aid-disbursements). However, by 2023, the annual losses had hit the **$100 million mark**. The officials at WSU have urged all the students and other users to stay vigilant and practice [cyber hygiene](https://www.k12dive.com/news/powerschool-data-breach-lawsuits-negligence/737900/). They have advised users not to share their authentication codes or passwords with anyone else. Deploying [multifactor authentication](https://www.onelogin.com/learn/what-is-mfa) can also help in thwarting the risk of phishing attacks. To **boost cybersecurity**, many organizations now use [DMARC](https://dmarcreport.com/), [DKIM](https://dmarcreport.com/what-is-dkim/), and [SPF](https://autospf.com/blog/spf-guide-understanding-sender-policy-framework/) to prevent [email spoofing](https://cointelegraph.com/news/coinbase-gemini-wallet-phishing-scam-targeting-crypto-users) and phishing. Any suspicious login activity should also be reported as soon as possible. ITS has issued a warning that even a single case of account compromise can lead to [malicious redirection](https://cybersecuritynews.com/hackers-weaponize-blogpost-links/) of the [payroll deposits](https://www.fintechfutures.com/accounting-payroll/us-bank-launches-automated-payroll-deposit-feature-for-new-accounts). WSU, as well as ITS, have been working in close coordination to **prevent any unfortunate malicious incident**. However, they believe that every user must act vigilantly to ensure the [security mechanism](https://www.geeksforgeeks.org/computer-networks/types-of-security-mechanism/) is foolproof. ## Sources - [CISA Binding Operational Directive 18-01](https://www.cisa.gov/news-events/directives/bod-18-01) - [Microsoft Outlook DMARC Enforcement May 2025](https://learn.microsoft.com/en-us/defender-office-365/email-authentication-dmarc-configure) (2025) - [PCI DSS v4.0 - DMARC Requirement](https://www.pcisecuritystandards.org/) (2025) ## Topics [ dkim ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ News ](/tags/news/)[ SPF ](/tags/spf/) ![Vasile Diaconu](https://media.mailhop.org/dmarcreport/images/team/vasile-diaconu.jpg) [ Vasile Diaconu ](/authors/vasile-diaconu/) Operations Lead Operations Lead at DuoCircle. Runs project management, developer coordination, and technical support execution for DMARC Report. [LinkedIn Profile →](https://www.linkedin.com/in/vasile-diaconu/) ## Take control of your DMARC reports Turn raw XML into actionable dashboards. Start free - no credit card required. [Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/) ## Related Articles [ Foundational 4m Adidas Data Breach, Whatsapp Image Threat, Silent Ransom Vishing May 29, 2025 ](/blog/adidas-data-breach-whatsapp-image-threat-silent-ransom-vishing/)[ Foundational 4m Africa Fights Cybercrime, Attention Farmers Customers, Apple Prevents Threats Aug 28, 2025 ](/blog/africa-fights-cybercrime-attention-farmers-customers-apple-prevents-threats/)[ Foundational 4m AI Scam Alert, Federal Cuts Vulnerability, American Tire Cyberattack Sep 9, 2025 ](/blog/ai-scam-alert-federal-cuts-vulnerability-american-tire-cyberattack/)[ Foundational 4m Akira flaunts victims, Idaho targets orthodontist, AI granny protects Nov 22, 2024 ](/blog/akira-flaunts-victims-idaho-targets-orthodontist-ai-granny-protects/) ```json {"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json [{"@context":"https://schema.org","@type":"BlogPosting","headline":"Dell Laptop Vulnerable, Zero-Trust Migration Pending, WSU Threat Surge","description":"ReVault flaws in Dell ControlVault3 firmware put Latitude and Precision laptops at risk. Plus federal zero-trust progress and the WSU cyberattack surge.","url":"https://dmarcreport.com/blog/dell-laptop-vulnerable-zero-trust-migration-pending-wsu-threat-surge/","datePublished":"2025-08-08T08:22:26.000Z","dateModified":"2026-04-16T15:53:43.000Z","dateCreated":"2025-08-08T08:22:26.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/vasile-diaconu/#person","name":"Vasile Diaconu","url":"https://dmarcreport.com/authors/vasile-diaconu/","jobTitle":"Operations Lead","description":"Vasile Diaconu is the Operations Lead at DuoCircle, the company behind DMARC Report and AutoSPF. He coordinates between engineering, product, and technical support - running project management, interfacing with developers on customer-reported issues, and making sure work that comes in through the support channel actually gets closed out. Vasile sits at the intersection of customer feedback and engineering execution, giving him a direct view of which email authentication problems customers hit most often in production.","image":"https://media.mailhop.org/dmarcreport/images/team/vasile-diaconu.jpg","knowsAbout":["SaaS Operations","Technical Support Coordination","Customer Issue Resolution","Engineering Program Management","Deployment Operations"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/vasile-diaconu/"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/dell-laptop-vulnerable-zero-trust-migration-pending-wsu-threat-surge/"},"articleSection":"foundational","keywords":"dkim, DMARC, News, SPF","wordCount":1044,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg","caption":"Dell Laptop Vulnerable, Zero-Trust Migration Pending, WSU Threat Surge","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}] ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://dmarcreport.com/foundational/"},{"@type":"ListItem","position":4,"name":"Dell Laptop Vulnerable, Zero-Trust Migration Pending, WSU Threat Surge","item":"https://dmarcreport.com/blog/dell-laptop-vulnerable-zero-trust-migration-pending-wsu-threat-surge/"}]} ```