Eleven Vulnerable UEFI Shims Enable Secure Boot Bypass
Eleven forgotten Microsoft-signed UEFI shims can bypass Secure Boot on almost any machine
Stay updated on the latest bypass techniques threatening information security. Discover defenses and trends in system vulnerabilities with our insights.
Search across headline titles and summaries.
Background for this topic.
Bypass describes attacker methods that circumvent specific security controls, such as authentication checks, input validation, or detection systems, without directly exploiting the underlying vulnerability. These techniques often leverage design flaws, misconfigurations, or protocol weaknesses to evade protections like firewalls, multi-factor authentication, or antivirus scanning.
Bypassing controls can enable unauthorized access, data exfiltration, or persistent presence while avoiding alerts, complicating detection and response. Effective defense requires layered security measures, rigorous configuration management, and continuous validation of control effectiveness to identify and close bypass paths before attackers exploit them.
Weekly headline count for the current query.
Eleven forgotten Microsoft-signed UEFI shims can bypass Secure Boot on almost any machine
Misconfigured server exposed three phishing operators running Evilginx forks to bypass MFA
Critical phpBB authentication bypass lets attackers hijack any account with one request
Check Point says a critical vulnerability in its Remote Access VPN and Mobile Access solutions has been exploited by Qilin
Bridewell report calls out emergence of “fix-style” attacks
macOS LOTL techniques bypass detection using native tools and metadata abuse
Null subject phishing campaigns bypass filters and target VIPs with QR code and RMM abuse
Critical nginx-ui MCP authentication bypass CVE-2026-33032 actively exploited with CVSS 9.8
This modern infostealer adopted server-side decryption of stolen credentials to bypass security controls
EtherRAT hides C2 in Ethereum smart contracts via EtherHiding, steals wallets and credentials
Tycoon2FA phishing platform resumes activity post-takedown, leveraging AITM techniques to bypass MFA
Android’s LSPosed-based attack hijacks payment apps via runtime manipulation and SIM-binding bypass
Palo Alto Networks’ Unit 42 has developed a successful attack to bypass safety guardrails in popular generative AI tools
Threat actors posing as IT support teams use phishing kits to generate fake login sites in real-time to trick victims into handing over credentials
Researchers at the World Economic Forum have shown that threat actors can use commercial deepfake tools to bypass corporate security protections
Entrust says AI is helping fraudsters open new accounts and bypass biometric checks
HybridPetya ransomware mimics Petya/NotPetya, with an added UEFI bootkit and Secure Boot bypass
Trend Micro observed the attackers using terminal-based installation methods for the AMOS malware, luring macOS users into installing cracked versions of apps
Barracuda observed new methods to disguise phishing links in Tycoon phishing attacks, which are designed to bypass automated email security systems
The UK National Cyber Security Centre thinks public disclosure programs could help mitigate AI safety threats