About 200K Linux systems from Framework shipped with signed UEFI components vulnerable to Secure Boot bypass, allowing bootkit installation and persistence. Firmware security company Eclypsium warns that about 200,000 Linux systems from Framework are shipped with signed UEFI components vulnerable to Secure Boot bypass, allowing bootkit installation and persistence. The experts pointed out that signed […]

Plus de 200 000 machines Framework sous Linux ont été livrées avec un UEFI vulnérable qui met en péril le Secure Boot : les bootkits peuvent en profiter.

Onderzoekers van beveiliger ESET hebben een ransomware-bootkit ontdekt die de opstartprocedure van een computer kan omzeilen. Ze vonden sporen van wat de

Cisco ASA zero-day attacks used RayInitiator bootkit and LINE VIPER malware to breach end-of-support firewalls.

HybridPetya is the new ransomware-bootkit combo that bypasses UEFI Secure Boot on unrevoked Windows systems, exploiting a patched vulnerability. While it's a proof-of-concept for now, its potential makes it a noteworthy threat. Unlike its destructive predecessors, HybridPetya encrypts rather than wipes, offering a glimpse into future cyber threats.

HybridPetya is the fourth publicly known real or proof-of-concept bootkit with UEFI Secure Boot bypass functionality 16 Sep 2025 ESET researchers have uncovered a new ransomware strain that they have named HybridPetya. While resembling the infamous Petya/NotPetya malware, it comes with a new and dangerous twist – it adds the ability to compromise UEFI-based systems and weaponize CVE‑2024‑7344 in order to bypass UEFI Secure Boot on outdated systems.

HybridPetya is the fourth publicly known real or proof-of-concept bootkit with UEFI Secure Boot bypass functionality 16 Sep 2025 ESET researchers have uncovered a new ransomware strain that they have named HybridPetya. While resembling the infamous Petya/NotPetya malware, it comes with a new and dangerous twist – it adds the ability to compromise UEFI-based systems and weaponize CVE‑2024‑7344 in order to bypass UEFI Secure Boot on outdated systems.

HybridPetya is the fourth publicly known real or proof-of-concept bootkit with UEFI Secure Boot bypass functionality

Les chercheurs d’ESET ont identifié une nouvelle souche de ransomware inspirée de Petya, capable de compromettre le démarrage Windows en infectant la partition EFI. Un prototype techniquement abouti,…

Your weekly strategic brief on the cyber threat landscape. Uncover the deeper patterns behind attacks, from bootkit malware to legal actions and regul

The Binarly Research Team demonstrates how a Secure Boot bypass on Windows 11 can be exploited to deploy the redlotus-rs bootkit, allowing unprivileged users to install a kernel driver. Follow Binar...

RootedCON no longer uploads talks to its official YouTube channel. This change came after some companies stopped covering travel or ticket costs for their employees, arguing that the talks would be pu...

In a world where threats are persistent, the modern CISO’s real job isn't just to secure technology—it's to preserve institutional trust and ensure business continuity. This week, we saw a clear pattern: adversaries are targeting the complex relationships that hold businesses together, from supply chains to strategic partnerships. With new regulations and the rise of AI-driven attacks, the

Introduction: A new and sophisticated ransomware variant, dubbed HybridPetya, has emerged, leveraging a critical vulnerability to bypass UEFI Secure Boot protections. This attack methodology harks back to the destructive NotPetya attacks, but with a modern twist that targets the very foundation of system integrity, rendering machines inoperable by encrypting core boot components before the operating system even loads. Learning Objectives:

: Although it hasn't been seen in the wild yet

HybridPetya ransomware mimics Petya/NotPetya, with an added UEFI bootkit and Secure Boot bypass