<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-15T20:42:12.292453+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/30142aec-3213-45e4-b8e6-731ba529fce0/export</id>
    <title>30142aec-3213-45e4-b8e6-731ba529fce0</title>
    <updated>2026-07-15T20:42:12.318239+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "30142aec-3213-45e4-b8e6-731ba529fce0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10797", "type": "seen", "source": "https://bsky.app/profile/cyfar.ca/post/3mqpkd2blru2p", "content": "@esetresearch.bsky.social\n11 old Microsoft-signed UEFI shims allow bypassing Secure Boot to deploy bootkits; patched in June 2026 Patch Tuesday.\n-\nIOCs: CVE-2026-8863, CVE-2026-10797\n-\n#SecureBoot #ThreatIntel #UEFI", "creation_timestamp": "2026-07-15T20:21:38.144941Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/30142aec-3213-45e4-b8e6-731ba529fce0/export"/>
    <published>2026-07-15T20:21:38.144941+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/0fff37c0-c74f-4900-abc7-0b8e1b00db72/export</id>
    <title>0fff37c0-c74f-4900-abc7-0b8e1b00db72</title>
    <updated>2026-07-15T20:42:12.319756+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "0fff37c0-c74f-4900-abc7-0b8e1b00db72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10797", "type": "seen", "source": "https://infosec.exchange/users/ESETresearch/statuses/116917582564392811", "content": "#ESETresearch discovered and reported to @certcc 11 old Microsoft-signed UEFI shim bootloaders that allow bypassing UEFI Secure Boot on most UEFI systems. Read about it at https://www.welivesecurity.com/en/eset-research/forgotten-uefi-shims-undermining-secure-boot/ Tracked by #CVE-2026-8863 and #CVE-2026-10797, all these vulnerable shims were revoked in Microsoft\u2019s June Patch Tuesday updates.  \nhttps://www.cve.org/CVERecord?id=CVE-2026-8863 \nhttps://www.cve.org/CVERecord?id=CVE-2026-10797Exploiting these vulnerable shims allows execution of untrusted code at system boot by using the Bring Your Own Vulnerable Driver (#BYOVD) technique, enabling deployment of malicious UEFI bootkits on systems that trust the Microsoft Corporation UEFI CA 2011 certificate. What makes these old shims dangerous is not a novel vulnerability, it\u2019s that no new vulnerability is needed to bypass Secure Boot. Just an old, still-trusted, unrevoked shim and basic knowledge of how UEFI works is enough to bypass UEFI Secure Boot and deploy a UEFI bootkit. For more details and instructions on how to verify that the dbx patches were properly applied on your system, read our blogpost:https://www.welivesecurity.com/en/eset-research/forgotten-uefi-shims-undermining-secure-boot/", "creation_timestamp": "2026-07-14T09:19:03.143941Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/0fff37c0-c74f-4900-abc7-0b8e1b00db72/export"/>
    <published>2026-07-14T09:19:03.143941+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/fee2f5f6-4982-4eef-8e94-e3ec635db9ba/export</id>
    <title>fee2f5f6-4982-4eef-8e94-e3ec635db9ba</title>
    <updated>2026-07-15T20:42:12.319866+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "fee2f5f6-4982-4eef-8e94-e3ec635db9ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10797", "type": "seen", "source": "https://bsky.app/profile/esetresearch.bsky.social/post/3mqlustror224", "content": "Tracked by #CVE-2026-8863 and #CVE-2026-10797, all these vulnerable shims were revoked in Microsoft\u2019s June Patch Tuesday updates.  \n\nwww.cve.org/CVERecord?id... \n\nwww.cve.org/CVERecord?id... 2/5", "creation_timestamp": "2026-07-14T09:18:51.314759Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/fee2f5f6-4982-4eef-8e94-e3ec635db9ba/export"/>
    <published>2026-07-14T09:18:51.314759+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/e38ebf78-1e6b-4dfc-8dab-15c012296ef2/export</id>
    <title>e38ebf78-1e6b-4dfc-8dab-15c012296ef2</title>
    <updated>2026-07-15T20:42:12.319940+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "e38ebf78-1e6b-4dfc-8dab-15c012296ef2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10797", "type": "seen", "source": "https://bsky.app/profile/esetresearch.bsky.social/post/3mqlustrku224", "content": "Tracked by #CVE-2026-8863 and #CVE-2026-10797, all these vulnerable shims were revoked in Microsoft\u2019s June Patch Tuesday updates.  \n\nwww.cve.org/CVERecord?id... \n\nwww.cve.org/CVERecord?id... 2/5", "creation_timestamp": "2026-07-14T09:18:50.841603Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/e38ebf78-1e6b-4dfc-8dab-15c012296ef2/export"/>
    <published>2026-07-14T09:18:50.841603+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/cb47e7ea-4bd5-4836-a18c-914bf8e1d531/export</id>
    <title>cb47e7ea-4bd5-4836-a18c-914bf8e1d531</title>
    <updated>2026-07-15T20:42:12.320016+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "cb47e7ea-4bd5-4836-a18c-914bf8e1d531", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10797", "type": "seen", "source": "https://bsky.app/profile/esetresearch.bsky.social/post/3mqlustrgx224", "content": "Tracked by #CVE-2026-8863 and #CVE-2026-10797, all these vulnerable shims were revoked in Microsoft\u2019s June Patch Tuesday updates.  \n\nwww.cve.org/CVERecord?id... \n\nwww.cve.org/CVERecord?id... 2/5", "creation_timestamp": "2026-07-14T09:18:50.372893Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/cb47e7ea-4bd5-4836-a18c-914bf8e1d531/export"/>
    <published>2026-07-14T09:18:50.372893+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/7995ac18-c268-46f8-99a5-bd957b88e039/export</id>
    <title>7995ac18-c268-46f8-99a5-bd957b88e039</title>
    <updated>2026-07-15T20:42:12.320104+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "7995ac18-c268-46f8-99a5-bd957b88e039", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10797", "type": "seen", "source": "https://bsky.app/profile/esetresearch.bsky.social/post/3mqlustra4c24", "content": "Tracked by #CVE-2026-8863 and #CVE-2026-10797, all these vulnerable shims were revoked in Microsoft\u2019s June Patch Tuesday updates.  \n\nwww.cve.org/CVERecord?id... \n\nwww.cve.org/CVERecord?id... 2/5", "creation_timestamp": "2026-07-14T09:18:49.932318Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/7995ac18-c268-46f8-99a5-bd957b88e039/export"/>
    <published>2026-07-14T09:18:49.932318+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/aa9ec4fb-9265-4e94-9779-3a9f050ee187/export</id>
    <title>aa9ec4fb-9265-4e94-9779-3a9f050ee187</title>
    <updated>2026-07-15T20:42:12.320173+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "aa9ec4fb-9265-4e94-9779-3a9f050ee187", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-10797", "type": "seen", "source": "https://bsky.app/profile/esetresearch.bsky.social/post/3mqlusqj43c24", "content": "Tracked by #CVE-2026-8863 and #CVE-2026-10797, all these vulnerable shims were revoked in Microsoft\u2019s June Patch Tuesday updates.  \n\nwww.cve.org/CVERecord?id... \n\nwww.cve.org/CVERecord?id... 2/5", "creation_timestamp": "2026-07-14T09:18:49.458399Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/aa9ec4fb-9265-4e94-9779-3a9f050ee187/export"/>
    <published>2026-07-14T09:18:49.458399+00:00</published>
  </entry>
</feed>
