32 matches found
Vendor-signed UEFI applications found vulnerable to Secure Boot bypass
Overview Multiple vendor-signed UEFI applications are vulnerable to Secure Boot bypass via a "Bring Your Own Vulnerable Driver" BYOVD-style attack. If a target system trusts the affected vendor’s certificate, an attacker can exploit these applications to execute arbitrary code during the early...
Microsoft-signed UEFI shim bootloaders vulnerable to Secure Boot bypass
Overview Microsoft-signed UEFI bootloaders of the open-source shim project, primarily from version 0.9 and earlier, were identified as vulnerable to Secure Boot bypass. To mitigate this risk, the affected bootloaders will be added to the Microsoft UEFI Forbidden Signature Database DBX. Once the D...
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver BYOVD technique to silence security tools running on compromised hosts, according to findings from Cisco Talos and Trend Micro. Qilin attacks analyzed by Talos have...
CVE-2025-14963
A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver BYOVD was leveraged to gain access to the critical Windows process memory lsass.exe Loc...
PT-2026-21777
Name of the Vulnerable Software and Affected Versions Trellix HX Agent affected versions not specified Description A security issue exists in the Trellix HX Agent driver file fekern.sys that could allow a local user to gain elevated system privileges. Exploitation involved leveraging a Bring Your...
Exploit for CVE-2026-0828
💀 0xKern3lCrush-M4te-CVE-2026-0828 Windows BYOVD Research &...
EUVD-2025-4964
Malicious code in bioql PyPI...
EUVD-2022-15239
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2024-51324
An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD Bring Your Own Vulnerable Driver attack...
[SECURITY] Fedora 42 Update: python-h11-0.14.0-7.fc42
This is a little HTTP/1.1 library written from scratch in Python, heavily inspired by hyper-h2. It is a "bring-your-own-I/O" library; h11 contains no IO code whatsoever. This means you can hook h11 up to your favorite network API, and that could be anything you want: synchronous, threaded,...
Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks
A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of a custom tool that's designed to disable endpoint detection and response EDR software on compromised hosts, according to ESET...
Paragon Software Hard Disk Manager product line contains five memory vulnerabilities within its BioNTdrv.sys driver that allow for privilege escalation and denial-of-service (DoS) attacks
Overview The Paragon Software Hard Disk Manager HDM product line contains a vulnerable driver titled BioNTdrv.sys. The driver, versions 10.1.X.Y and older, 1.0.0.0, 1.1.0.0, 1.3.0.0, 1.4.0.0, and 1.5.1.0, contain five vulnerabilities. These include arbitrary kernel memory mapping and write...
CVE-2024-51324
An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD Bring Your Own Vulnerable Driver attack...
CVE-2024-51324
An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD Bring Your Own Vulnerable Driver attack...
CVE-2024-51324
CVE-2024-51324 exists in Baidu Antivirus driver BdApiUtil64.sys (v5.2.3.116083). The vulnerability arises from an IOCTL handler (0x800024B4) that terminates a target process without privilege validation, enabling a BYOVD attack to kill arbitrary processes from user mode. Exploitation chain demons...
January 14, 2025—KB5050013 (OS Build 10240.20890) - EXPIRED
January 14, 2025—KB5050013 OS Build 10240.20890 - EXPIRED EXPIRATION NOTICEIMPORTANT As of January 27, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. --- 12/8/20 For...
Exploring vulnerable Windows drivers
This post is the result of research into the real-world application of the Bring Your Own Vulnerable Driver BYOVD technique along with Cisco Talos' series of posts about malicious Windows drivers. Some of this research was presented at the AVAR conference in Chennai at the beginning of December...
Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections
Cybersecurity researchers have uncovered a new malicious campaign that leverages a technique called Bring Your Own Vulnerable Driver BYOVD to disarm security protections and ultimately gain access to the infected system. "This malware takes a more sinister route: it drops a legitimate Avast...
Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks
The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level access and disable security software on compromised hosts. The vulnerability in question is CVE-2024-21338 CVSS score: 7.8, which can permit an...
CVE-2023-23632
BeyondTrust Privileged Remote Access PRA versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in the BYOT shell jump sessions, allowing unauthorized access to jump items by guessing only the first character of the...