Binarly is celebrating Phrack Zine 40th anniversary! 61st floor energy. Legends only 🎉

Get your phrack signed at the No Starch Press booth at DEF CON Sat at 4p! We'll have Rodrigo Branco, chompie, Battle Programmer Yuu, hermit, and Richard Johnson for this rare event! #phrack72 #phrackat40

The Bootkitty story continues on the USENIX WOOT Conference on Offensive Technologies stage!

🔥 Researchers at Binarly find the XZ Utils backdoor in publicly available Docker Images BINARLY🔬 binarly.io/blog/persisten…

🚀efiXplorer just hit 1,000⭐️ on GitHub! Huge thanks to everyone who’s used, supported, and shared feedback, you made this possible! github.com/binarly-io/efi…

🚨More than a year after the XZ Utils crisis, we found 35+ publicly available Docker Hub images still carrying the backdoor, some tagged “latest”. Long-tail supply-chain risk is real! Read the blog: binarly.io/blog/persisten…

While helping a customer track down malicious code of #XZbackdoor in their environment, we traced the source back to Docker Hub images and quickly realized the scope was wider than expected.

Not much has changed in #codeXplorer since 2018, and the plugin was slowly becoming obsolete. I finally carved out some time, and with the help of Claude, have completely refactored the codebase and packed it with exciting new features. Stay tuned! github.com/REhints/HexRay…

While playing DEF CON CTF Finals with Shellphish I managed to solve the ICO challenge using LLMs (GPT5 + Cursor) and almost no human intervention. You can read how I did it here! wilgibbs.com/blog/defcon-fi…

JEB 5.31 ships with a generic SASS disassembler and experimental decompiler for GPU code compiled for Nvidia architectures Volta to Blackwell (compute capabilities sm_70 to sm_121) #ReverseEngineering Learn more here: pnfsoftware.com/blog/reversing…

CVE-2025-21479 Meta Quest 3 privilege escalation Exploit poc - github.com/FreeXR/eureka_… #root #MobileSecurity #infosec #dfir

Nice spot to land your next REsearch talk!

Cool exploit, if only Qualcomm customers took Kernel Protect this technique wouldn't work. Unlucky.

As promised Blogpost is here! I find that a lot of the times people ask “how can researchers find complex bugs” This is my small contribution to show how the journey looked for me. I presented this content at hitcon last week! bughunters.google.com/blog/580034147…

We’re proud to share that CERT/CC has published an advisory for a vulnerability originally disclosed by Binarly in July: 𝗕𝗥𝗟𝗬-𝗗𝗩𝗔-𝟮𝟬𝟮𝟱-𝟬𝟬𝟱: binarly.io/advisories/brl… 𝗩𝗨#𝟮𝟬𝟵𝟬𝟵𝟱: kb.cert.org/vuls/id/209095

At long last - Phrack 72 has been released online for your reading pleasure! Check it out: phrack.org

A new tool: Slice 🔪 With the help of build-free CodeQL and Tree-Sitter, Slice can help GPT-5 can reliably reproduce discovery of CVE-2025-37778: use-after-free vulnerability in the Linux kernel! noperator.dev/posts/slice/

✨Big news: Binarly is leveling up! @ChrisEng and Rick Congdon joins our Strategic Advisory Board 👏 Both bring decades of experience shaping AppSec, GTM, and enterprise security. The future of software supply chain security starts at Binarly! 🚀 binarly.io/news/binarly-n…

🚨 LABScon 2025, the speaker lineup! labscon.io/speakers/

𝗦𝗼𝗳𝘁𝘄𝗮𝗿𝗲 𝘁𝗿𝗮𝗻𝘀𝗽𝗮𝗿𝗲𝗻𝗰𝘆, 𝘂𝗻𝗱𝗲𝗿𝘀𝘁𝗮𝗻𝗱𝗶𝗻𝗴, 𝗮𝗻𝗱 𝗶𝗻𝘀𝗽𝗲𝗰𝘁𝗮𝗯𝗶𝗹𝗶𝘁𝘆 𝗮𝗿𝗲𝗻’𝘁 𝗷𝘂𝘀𝘁 𝘁𝗲𝗰𝗵𝗻𝗶𝗰𝗮𝗹 𝗰𝗵𝗮𝗹𝗹𝗲𝗻𝗴𝗲𝘀, 𝘁𝗵𝗲𝘆’𝗿𝗲 𝗻𝗮𝘁𝗶𝗼𝗻𝗮𝗹 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗽𝗿𝗶𝗼𝗿𝗶𝘁𝗶𝗲𝘀. Every week brings fresh reminders that we