Howyar Reloader UEFI application Secure Boot bypass flaw (CVE-2024-7344)

Vulnerability
Happening score (H score): 22
2 unique sources, 2 articles

Summary

HybridPetya is a newly disclosed ransomware/bootkit strain that exploits CVE-2024-7344 in the Howyar Reloader UEFI application to bypass UEFI Secure Boot on UEFI-based Windows systems. ESET found samples on VirusTotal and linked the boot-level chain to a malicious artifact that can load before the OS, install in the EFI System Partition, and encrypt the NTFS Master File Table (MFT). The samples appear inspired by Petya/NotPetya, and Microsoft had already revoked the vulnerable binary in the January 2025 Patch Tuesday update. The abuse has not been observed in the wild, but it shows how a patched UEFI weakness can still support pre-OS compromise.

Related Happenings

MOVEit Automation authentication bypass (CVE-2026-4670)

Vulnerability
First: 04.05.2026 15:18 Last: 04.05.2026 15:18 Sources 1

About this happening: A critical **authentication bypass** in **MOVEit Automation** affects versions before **2025.1.5**, **2025.0.9**, and **2024.1.8**, creating remote access risk for exposed file-tr...

Lantronix EDS3000PS/EDS5000PS and Silex SD330-AC serial-to-IP converter vulnerabilities (CVE-2025-70082)

Vulnerability
First: 21.04.2026 00:00 Last: 21.04.2026 00:00 Sources 1

About this happening: **Forescout** researchers disclosed **20 new vulnerabilities** in **Lantronix EDS3000PS/EDS5000PS** and **Silex SD330-AC** serial-to-IP converters, putting **industrial network**...

Windows Task Host link-following privilege escalation (CVE-2025-60710)

Vulnerability
First: 15.04.2026 17:51 Last: 15.04.2026 17:51 Sources 1

About this happening: CISA added **CVE-2025-60710** to its actively exploited catalog after finding a **Windows Task Host** link-following flaw that can let **local attackers** escalate to **SYSTEM** o...

IP KVM devices unauthenticated root access and command execution flaws (multiple vulnerabilities)

Vulnerability
First: 18.03.2026 13:42 Last: 18.03.2026 13:42 Sources 1

About this happening: Nine **IP KVM vulnerabilities** across **GL-iNet Comet RM-1**, **Angeet/Yeeso ES3 KVM**, **Sipeed NanoKVM**, and **JetKVM** can expose attached hosts to **root access** and **comm...

Windows RRAS management tool remote code execution flaws (multiple vulnerabilities)

Vulnerability
First: 14.03.2026 23:48 Last: 14.03.2026 23:48 Sources 1

About this happening: **Windows 11 Enterprise** devices using the **Windows Routing and Remote Access Service (RRAS) management tool** were affected by flaws that could enable **remote code execution**...

Timeline

  1. 12.09.2025 14:50 3 articles · 8mo ago

    HybridPetya disclosure and CVE-2024-7344 Secure Boot bypass

    Initial Disclosure

    ESET disclosed HybridPetya as a new ransomware strain that resembles Petya/NotPetya and can compromise modern UEFI-based Windows systems by exploiting CVE-2024-7344 in the Howyar Reloader UEFI application to bypass UEFI Secure Boot. The samples were uploaded to VirusTotal in February 2025, and the malware chain includes a malicious EFI application that encrypts the NTFS Master File Table (MFT), while Microsoft had already revoked the vulnerable binary in its January 2025 Patch Tuesday update.