UEFITool NE A70 (and companion tools) is the first release to have all NVRAM parsers generated from KaitaiStruct definitions, replacing hand-crafted ones that are proven to be buggy and hard to maintain. Hope the new ones will behave. Do report new bugs! github.com/LongSoft/UEFIT…

CVE-2025-0927 details here! ssd-disclosure.com/ssd-advisory-l…

UEFITool / UEFIExtract / UEFIFind NE A71 - added Kaitai-based parser for Dell DVAR varstores - added tracking of recently opened files - macOS built of UEFITool is now developer-signed - fixed a bunch of minor issues github.com/LongSoft/UEFIT…

We're are happy to announce a new release of our #Rust bindings for Hex-Rays SA idalib. What's new: - New APIs for working with IDBs, segments, and more - Rust 2024 support - New homepage: idalib.rs H/T to our contributors Yegor & [email protected] github.com/binarly-io/ida…

Binarly REsearch is proud to build & support two Hex-Rays SA IDA plugin contest winners: 🔬 efiXplorer by Yegor plugins.hex-rays.com/binarly-io/efi… github.com/binarly-io/efi… 🦀 idalib by Sam Thomas plugins.hex-rays.com/binarly-io/ida… github.com/binarly-io/ida…

The embargo (12:00 UTC 2025-06-10) is over, let's start a thread on Hydroph0bia (CVE-2025-4275), a trivial SecureBoot and FW updater signature bypass in almost any Insyde H2O-based UEFI firmware used since 2012 and still in use today. English writeup: coderush.me/hydroph0bia-pa…

🚨Binarly is documenting the discovery of CVE-2025-3052, a memory-corruption flaw in a Microsoft-signed UEFI module that lets attackers bypass Secure Boot and run unsigned code before the OS starts. 🔗 Full details: binarly.io/blog/another-c… 🛡️ Advisory: binarly.io/advisories/brl…

Our research on Secure Boot keeps on giving! Today we disclose CVE-2025-3052, a Secure Boot bypass that started with vulnerable signed module found on VirusTotal and ended with 14 hashes added to dbx by Microsoft in today’s Patch Tuesday 🔥

⛓️We recently investigated the newly disclosed Hydroph0bia vulnerability (CVE-2025-4275 discovered by Nikolaj Schlej) to provide our customers with comprehensive, code-level detection. 👉 🧵

🔎From Hidden Semantics to Structured Insights✨ By combining static analysis techniques and tailored heuristic improvements, we've significantly enhanced the precision of type inference, enabling more effective vulnerability triage. lukas seidel Sam Thomas 👏 binarly.io/blog/type-infe…

🚨𝗡𝗲𝘄 𝗛𝗶𝗴𝗵-𝗦𝗲𝘃𝗲𝗿𝗶𝘁𝘆 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝘆 𝗶𝗻 𝗔𝗠𝗜-𝗕𝗮𝘀𝗲𝗱 𝗗𝗲𝘃𝗶𝗰𝗲𝘀 Our Deep Vulnerability Analysis (DVA) technology has automatically uncovered a high-impact vulnerability (CVE-2025-33043) in the AMI MicrocodeUpdate module that's impacting the

Nvidia OSR (Alex Tereshkin, Adam 'pi3' Zabrocki) reveals high-impact Supermicro BMC vulnerabilities (CVE-2024-10237/38/39). Binarly REsearch documenting the details: 👻Ghost in the Controller: Abusing Supermicro BMC Firmware Verification. Read the full story: binarly.io/blog/ghost-in-…

I'm pleased to announce a new version of the Rust bindings for Hex-Rays SA IDA Pro! With: - Improved strings, metadata, and core APIs - Support for the name API Thank you to [email protected] & Willi Ballenthin for contributing! Docs: idalib.rs Code: git.idalib.rs

Wrote a trigger for CVE-2025-38494/5 (an integer underflow in the HID subsystem) that leaks 64 KB of OOB memory over USB. Still works on Pixels and Ubuntus (but the bug is fixed in stable kernels). github.com/xairy/kernel-e…

I'm pleased to announce a new release of the Rust bindings for Hex-Rays SA IDA SDK! This release includes v9.2 compatibility, and a number of new features and fixes. Code: git.idalib.rs Thank you to our contributors: 𝗥𝗬𝗔𝗡 𝗦𝗧𝗢𝗥𝗧𝗭 Cole Leavitt Irate Walrus Yegor

🚨Binarly REsearchers revisit an already-patched Supermicro BMC bug and discover two new high-impact vulnerabilities that expose major gaps in software supply chains. CVE-2025-7937: bypassed “fix” for CVE-2024-10237. CVE-2025-6198: Supermicro RoT bypass. binarly.io/blog/broken-tr…

Great work Anton 👇

⚡️UEFI system firmware still has a mitigation gap, and we measured it. We scanned 5,477 firmware images covering 2.3M+ UEFI modules with the Binarly Transparency Platform. The results are… 🔥 🧵👇 binarly.io/blog/missing-m…

🚀 New Release: Cryptographic Algorithm Identification in Java Bytecode. Our new analyzer scans JARs (and soon Android packages) to uncover algorithm usage, provide reachability insights, and report NIST 8457 compliance. Dive into the details: binarly.io/blog/cryptogra…

I built a program analysis tool which identifies cryptographic algorithms in Java bytecode and wrote about it. Core logic backed by Joern and Code Property Graphs. Hat tip for the great tech Fabian Yamaguchi, and shout-out to Sam Thomas and Yegor for the support