This research demonstrates how easily full persistence can be achieved on Supermicro BMC, allowing complete takeover of the server.

- CVE-2025-7937: bypassed “fix” for CVE-2024-10237.
- CVE-2025-6198: Supermicro RoT bypass.

www.binarly.io/blog/broken-...

Another Crack in the Chain of Trust: Uncovering (Yet Another) #secureboot Bypass

https://www.binarly.io/blog/another-crack-in-the-chain-of-trust

#hydroph0bia (CVE-2025-4275) - a trivial #secureboot bypass for UEFI-compatible firmware based on Insyde #h2o, part 1

https://coderush.me/hydroph0bia-part1/

We're are happy to announce a new release of our #Rust bindings for idalib.

What's new:
- New APIs for working with IDBs, segments, and more
- Rust 2024 support
- New homepage: idalib.rs

H/T to our contributors @yeggor.bsky.social & @raptor.infosec.exchange.ap.brid.gy

github.com/binarly-io/i...

Listening to @matrosov.bsky.social and @pagabuc.bsky.social at #RSAC

In case you missed it from #LABScon24: BINARLY’s @matrosov.bsky.social and @pagabuc.bsky.social reveal their research into a firmware supply-chain security issue that affected major device vendors and hundreds of models, PKfail.

📺 Watch the full video: s1.ai/PKfail