Blog
Stay informed with our latest posts, updates, and insights from the Binarly team
Jun 1, 2026
Patched But Vulnerable, Vulnerable But Patched: What Your Scanner Isn't Telling You
Binary patch validation helps identify patched and vulnerable code directly in compiled binaries, reducing false positives from version checks.
Apr 13, 2026
Binarly Risk Score: A New Approach to Vulnerability Prioritization
Discover the Binarly Risk Score (BRS): a unified, customizable vulnerability scoring system that combines CVSS, EPSS, KEV, and reachability data into a single normalized risk score for any finding type.
Mar 4, 2026
Agentic Vulnerability Research with VulHunt
Discover how VulHunt integrates with large language models to enable agentic vulnerability research and dramatically accelerate binary analysis. By exposing VulHunt’s disassembly, IR, and decompiled code representations through an MCP interface, LLMs can dynamically execute analysis queries, trace data flows, and identify vulnerable patterns with minimal human input.
Mar 2, 2026
VulHunt in Depth: Inside the Binary Vulnerability Analysis Framework
A technical deep dive into VulHunt's architecture and capabilities. We explore how the framework combines intra-procedural dataflow analysis, semantic code pattern matching on decompiled output, type libraries, function signatures, annotated code listings, byte pattern matching, and intermediate representation (IR) matching to enable flexible, architecture-aware vulnerability detection in binaries.
Vulnerability REsearch
Feb 20, 2026
Vulnerability REsearch using VulHunt
We adopt the mindset of a vulnerability researcher and use VulHunt's taint-tracking capabilities to hunt for vulnerabilities in Netgear RAX30 router firmware. From interactive prototyping in the VulHunt shell to building a scalable detection rule, we rediscover CVE-2023-48725 and uncover additional affected binaries — demonstrating VulHunt's full workflow from reconnaissance to automated scanning.
Vulnerability REsearch
Jan 30, 2026
VulHunt in Practice: Detecting a Remote Code Execution Vulnerability in rsync
We walk through writing a VulHunt rule to detect CVE-2024-12084, a heap-based buffer overflow in rsync. Starting from understanding the vulnerability's root cause, we build detection logic step by step — covering rule metadata, function scoping, annotation, order guarantees, and decompiler queries — culminating in a production-ready rule that pinpoints the exact vulnerable code path in stripped binaries.
Vulnerability REsearch
Jan 26, 2026
Have you patched? Are you sure? The story of the sticky Supermicro BMC bugs
After repeatedly bypassing Supermicro's BMC firmware validation fixes, we detail CVE-2025-12006 and CVE-2025-12007 — the latest in a year-long chain of vulnerabilities that allowed persistent arbitrary code execution through manipulated firmware update images. We walk through each bypass technique, analyze the final patches, and assess whether these critical issues are truly resolved.
Jan 20, 2026
Introducing VulHunt: A High-Level Look at Binary Vulnerability Detection
Existing tools for checking binaries against known vulnerabilities rely on version strings or simple byte patterns, leading to high false-positive rates and little actionable insight. We built VulHunt to bring code-level, semantic vulnerability detection to binaries — combining dataflow analysis, IR matching, and pattern matching into a single framework that delivers precise, annotated findings at scale.
Vulnerability REsearch
Nov 18, 2025
How an Old Bug in Lighttpd Gained New Life in AMI BMC, Including Lenovo and Intel products
The software supply chain is complicated, and all the issues associated with it are ones we haven't dealt with before; they require a different mindset and approach. The vulnerability in Lighttpd was discovered and fixed back in 2018, but no CVE was assigned to it, and the fix was delivered silently by the project maintainers. Frequently, software that uses open-source components does not consume every single update coming from OSS maintainers and only watches for critical changes or important security fixes to apply. In reality, it's hard to track every change for security issues without specific security advisories and assigned CVEs.
Lighttpd
Sep 24, 2025
Broken Trust: Fixed Supermicro BMC Bug Gains a New Life in Two New Vulnerabilities
In a previous blog post, we detailed three Supermicro BMC firmware vulnerabilities that were originally found by the NVIDIA Offensive Security Research Team and disclosed earlier this year. All these issues were related to the BMC firmware update process and could be exploited by an attacker with administrative access to the BMC operating system who uploaded a specially crafted image.
Vulnerability REsearch
Sep 10, 2025
Signed and Dangerous: BYOVD Attacks on Secure Boot
The Binarly REsearch team conducted an analysis of signed UEFI modules and the findings show the true scale of the attack surface hidden inside Secure Boot's trust model. Across thousands of firmware images, we found that modern platforms typically trust approximately 1,500 signed modules, with some builds peaking above 4,000.
Threat Intelligence
Aug 12, 2025
Persistent Risk: XZ Utils Backdoor Still Lurking in Docker Images
In this blog, we share a new finding in the XZ Utils saga: several Docker images built around the time of the compromise contain the backdoor. At first glance, this might not seem alarming: if the distribution packages were backdoored, then any Docker images based on them would be infected as well. However, what we discovered is that some of these compromised images are still publicly available on Docker Hub.
XZ Backdoor, Threat Intelligence
Jul 2, 2025
Ghost in the Controller: Abusing Supermicro BMC Firmware Verification
Binarly REsearch has investigated alarming vulnerabilities in Supermicro BMC firmware, including a critical signature verification bypass (CVE-2024-10237). These issues provide attackers persistent control beneath the OS level.
Vulnerability REsearch
Jun 17, 2025
Type Inference for Decompiled Code: From Hidden Semantics to Structured Insights
Learn how Binarly enhances decompiled code by recovering meaningful type info—boosting binary analysis, triage, and reverse engineering accuracy.
Program Analysis
Jun 10, 2025
Another Crack in the Chain of Trust: Uncovering (Yet Another) Secure Boot Bypass
Binarly uncovers CVE-2025-3052: a Secure Boot bypass affecting most UEFI devices, enabling attackers to run unsigned code before OS load.
Vulnerability REsearch