Blog
Stay informed with our latest posts, updates, and insights from the Binarly team
Apr 13, 2026
Binarly Risk Score: A New Approach to Vulnerability Prioritization
Discover the Binarly Risk Score (BRS): a unified, customizable vulnerability scoring system that combines CVSS, EPSS, KEV, and reachability data into a single normalized risk score for any finding type.
Mar 4, 2026
Agentic Vulnerability Research with VulHunt
Discover how VulHunt integrates with large language models to enable agentic vulnerability research and dramatically accelerate binary analysis. By exposing VulHunt’s disassembly, IR, and decompiled code representations through an MCP interface, LLMs can dynamically execute analysis queries, trace data flows, and identify vulnerable patterns with minimal human input.
Mar 2, 2026
VulHunt in Depth: Inside the Binary Vulnerability Analysis Framework
A technical deep dive into VulHunt's architecture and capabilities. We explore how the framework combines intra-procedural dataflow analysis, semantic code pattern matching on decompiled output, type libraries, function signatures, annotated code listings, byte pattern matching, and intermediate representation (IR) matching to enable flexible, architecture-aware vulnerability detection in binaries.
Vulnerability REsearch
Feb 20, 2026
Vulnerability REsearch using VulHunt
We adopt the mindset of a vulnerability researcher and use VulHunt's taint-tracking capabilities to hunt for vulnerabilities in Netgear RAX30 router firmware. From interactive prototyping in the VulHunt shell to building a scalable detection rule, we rediscover CVE-2023-48725 and uncover additional affected binaries — demonstrating VulHunt's full workflow from reconnaissance to automated scanning.
Vulnerability REsearch
Jan 30, 2026
VulHunt in Practice: Detecting a Remote Code Execution Vulnerability in rsync
We walk through writing a VulHunt rule to detect CVE-2024-12084, a heap-based buffer overflow in rsync. Starting from understanding the vulnerability's root cause, we build detection logic step by step — covering rule metadata, function scoping, annotation, order guarantees, and decompiler queries — culminating in a production-ready rule that pinpoints the exact vulnerable code path in stripped binaries.
Vulnerability REsearch
Jan 26, 2026
Have you patched? Are you sure? The story of the sticky Supermicro BMC bugs
After repeatedly bypassing Supermicro's BMC firmware validation fixes, we detail CVE-2025-12006 and CVE-2025-12007 — the latest in a year-long chain of vulnerabilities that allowed persistent arbitrary code execution through manipulated firmware update images. We walk through each bypass technique, analyze the final patches, and assess whether these critical issues are truly resolved.
Jan 20, 2026
Introducing VulHunt: A High-Level Look at Binary Vulnerability Detection
Existing tools for checking binaries against known vulnerabilities rely on version strings or simple byte patterns, leading to high false-positive rates and little actionable insight. We built VulHunt to bring code-level, semantic vulnerability detection to binaries — combining dataflow analysis, IR matching, and pattern matching into a single framework that delivers precise, annotated findings at scale.
Vulnerability REsearch
Nov 18, 2025
How an Old Bug in Lighttpd Gained New Life in AMI BMC, Including Lenovo and Intel products
The software supply chain is complicated, and the issues associated with it are ones we haven't dealt with before; they require a different mindset and approach. The vulnerability in Lighttpd was discovered and fixed back in 2018, but no CVE was assigned to it, and the fix was delivered silently by the project maintainers. Frequently, software that uses open-source components does not consume every update coming from OSS maintainers and only watches for critical changes or important security fixes to apply. In reality, it's hard to track every change for security issues without specific security advisories and an assigned CVE.
Lighttpd
Sep 24, 2025
Broken Trust: Fixed Supermicro BMC Bug Gains a New Life in Two New Vulnerabilities
In a previous blog post, we detailed three Supermicro BMC firmware vulnerabilities that were originally found by the NVIDIA Offensive Security Research Team and disclosed earlier this year. All these issues were related to the BMC firmware update process and could be exploited by an attacker with administrative access to the BMC operating system who uploaded a specially crafted image.
Vulnerability REsearch
Sep 10, 2025
Signed and Dangerous: BYOVD Attacks on Secure Boot
The Binarly REsearch team conducted an analysis of signed UEFI modules and the findings show the true scale of the attack surface hidden inside Secure Boot's trust model. Across thousands of firmware images, we found that modern platforms typically trust approximately 1,500 signed modules, with some builds peaking above 4,000.
Threat Intelligence
Aug 12, 2025
Persistent Risk: XZ Utils Backdoor Still Lurking in Docker Images
In this blog, we share a new finding in the XZ Utils saga: several Docker images built around the time of the compromise contain the backdoor. At first glance, this might not seem alarming: if the distribution packages were backdoored, then any Docker images based on them would be infected as well. However, what we discovered is that some of these compromised images are still publicly available on Docker Hub.
XZ Backdoor, Threat Intelligence
Jul 2, 2025
Ghost in the Controller: Abusing Supermicro BMC Firmware Verification
Binarly REsearch has investigated alarming vulnerabilities in Supermicro BMC firmware, including a critical signature verification bypass (CVE-2024-10237). These issues provide attackers persistent control beneath the OS level.
Vulnerability REsearch
Jun 17, 2025
Type Inference for Decompiled Code: From Hidden Semantics to Structured Insights
Learn how Binarly enhances decompiled code by recovering meaningful type info—boosting binary analysis, triage, and reverse engineering accuracy.
Program Analysis
Jun 10, 2025
Another Crack in the Chain of Trust: Uncovering (Yet Another) Secure Boot Bypass
Binarly uncovers CVE-2025-3052: a Secure Boot bypass affecting most UEFI devices, enabling attackers to run unsigned code before OS load.
Vulnerability REsearch
Apr 23, 2025
The Hidden Danger of Probabilistic Scoring: Introducing Exploitation Maturity Score (EMS)
Introducing Exploitation Maturity Score (EMS), designed to measure the present by using real-world signals like public PoCs, exploit reliability, ransomware activity, public and private threat intelligence telemetry.
Threat Intelligence
Apr 16, 2025
Mapping Binarly Capabilities to Gartner's Software Supply Chain Security Framework
In April 2025, Gartner released its Market Guide for Software Supply Chain Security (SSCS), highlighting three core objectives for enterprise CISOs (Chief Information Security Officers) and cybersecurity leaders to prioritize.
Program Analysis
Mar 20, 2025
Clevo Boot Guard Keys Leaked in Update Package
Over the past few years, the Binarly Research team has led the way in documenting security problems haunting the entire UEFI ecosystem. We presented our discoveries at major security conferences like OffensiveCon, Black Hat, LABScon and RE//verse to share data and collaborate with the industry to secure the UEFI ecosystem.
Threat Intelligence
Mar 13, 2025
UEFI Bootkit Hunting: In-Depth Search for Unique Code Behavior
In this blog post, the Binarly REsearch team introduces a novel methodology for detecting UEFI bootkits by analyzing their unique code behaviors. By starting from an in-depth analysis of known bootkits, we identify features that can be used for generically detecting bootkits and build rules that we used for hunting new unknown bootkits. Then, we show how these rules can be even further improved, by leveraging advanced static analysis techniques, semantic detection and ML-based clustering.
Program Analysis
Mar 12, 2025
Binarly Transparency Platform v2.8 Features Advanced Image Diffing
The all-new Binarly Transparency Platform v2.8 represents a pivotal leap forward in our engineering and product development processes as we shift to a more agile, monthly release cadence. This latest release introduces advanced image diffing, refined role-based access control (RBAC), and enhanced vulnerability detection capabilities, marking a significant step forward in the cybersecurity landscape.
Program Analysis
Feb 13, 2025
Binarly Tracking Updates for CVE-2024-56161 – A 'High Risk' Microcode Flaw in AMD CPU's
Microcode has always been a crucial component in platform security for the x86 ecosystem. Any vulnerability in microcode leads to significant issues and long-standing side effects across the entire industry. Last week, we witnessed a rare instance of such a vulnerability highlighting potential gaps in AMD's product security practices, prompting industry-wide discussion on the security implications for confidential computing.
Vulnerability REsearch, Threat Intelligence
Jan 29, 2025
Binarly Transparency Platform v2.7 Hits New Milestone, Propelling Enterprises Toward Post-Quantum Readiness
New cryptographic reachability and PQC compliance features position forward-looking organizations to meet evolving NIST standards with confidence.
Program Analysis
Jan 21, 2025
From Trust to Trouble: The Supply Chain Implications of a Broken DBX
Binarly REsearch provides a retrospective view on how updates to dbx were handled, both for this new CVE and in the past.
Threat Intelligence
Nov 29, 2024
LogoFAIL Exploited to Deploy Bootkitty, the first UEFI bootkit for Linux
Binarly researchers find a direct connection between the newly discovered Bootkitty Linux bootkit and exploitation of the LogoFAIL image parsing vulnerabilities reported more than a year ago.
LogoFail
Oct 8, 2024
Meet Binary Risk Hunt: A Free Vulnerability Scanner With SBOM Generation
Binarly releases Binary Risk Hunt, a free vulnerability scanner with software bill of material generator.
Program Analysis
Sep 26, 2024
CVE-2024-36435 Deep-Dive: The Year's Most Critical BMC Security Flaw
This vulnerability got our attention for many reasons: first, the vendor agreed on the critical impact; and second, the nature of the vulnerability, where an unauthenticated user can remotely trigger the code flow with a simple POST request and cause arbitrary code execution via a classic stack overflow (CWE-121).
Vulnerability REsearch
Sep 19, 2024
Repeatable Failures: Test Keys Used to Sign Production Software…Again?
After discovering PKFail, the Binarly REsearch team went on the hunt for other instances of non-production test keys being used in firmware binaries. In this case, non-production test keys were originally generated by reference implementation vendors sitting at the top of the supply chain and then propagated to downstream vendors which often failed to replace them.
Vulnerability REsearch, Threat Intelligence
Sep 16, 2024
PKfail Two Months Later: Reflecting on the Impact
In this blog, we dive deeper into newly discovered data points gathered from our free detection service pk.fail and major vendor acknowledgements and developments since the initial disclosure of PKfail in July.
PKFail
Sep 4, 2024
Introducing Binary Reachability Analysis [Binarly Transparency Platform v2.5]
Binarly Unveils Transparency Platform 2.5 with Advanced Reachability Analysis
Program Analysis
Jul 25, 2024
PKfail: Untrusted Platform Keys Undermine Secure Boot on UEFI Ecosystem
PKfail is a zero day disclosure detected by the Binarly REsearch Team. PKfail is a firmware supply-chain issue affecting hundreds of device models in the UEFI ecosystem. The problem arises from the Secure Boot "master key," known as the Platform Key (PK) in UEFI terminology, which is untrusted because it is generated by Independent BIOS Vendors (IBVs) and shared among different vendors.
PKFail
Jun 19, 2024
Blind Trust and Broken Fixes: The Ongoing Battle with LogoFAIL Vulnerabilities
In this follow-up research 6 months after public disclosure of LogoFAIL, we dive deeper into the shallow waters of the firmware supply chain confusion and the blind trust in the reference code and firmware developers. The Binarly Transparency Platform detects unfixed devices daily.
LogoFail