ESET researchers found that 11 defective Microsoft-signed shims allowed trivial bypasses of UEFI Secure Boot for 13 years until revocation in the June 2026 Patch Tuesday update. The flaw affects Windows and Linux devices alike and enables persistent bootkit installation with minimal attacker effort.

Attackers can use a basic technique with these still-trusted but unrevoked binaries to circumvent the protection embedded in a device's UEFI firmware.
From there, attackers with brief physical access can subvert the chain of trust to install malicious firmware that loads early in the boot process and persists even after OS reinstallation or hard drive replacement.
This decade-long lapse in revocation hygiene shows that even foundational boot security can erode through oversight in complex supply chains.
Tap a lens to see what this story means for you.
Reader-supported · Daily Brief
Daily brief at 7 AM ET. Top tech stories, every morning. Sourced and fact-checked.
See what’s happening right now
The Feed runs all day — short, verified briefs the moment they break.
Open the FeedFollow @thecircuitry_
Every story we publish, as it happens. No noise between.
Reader-supported
The Circuitry is a passion project I've always wanted to build, and I love the work behind it.
Running it costs real money. APIs, hosting, time. To keep improving the site and growing this into something useful for everyone, those costs have to be covered.
Any contribution is appreciated. If not, no pressure. Thanks for reading.
IBM issued a rare mid-quarter warning that triggered its sharpest single-day stock decline in 115 years on Tuesday, with CEO Arvind Krishna citing an AI-driven global memory shortage shifting enterprise budgets from software to hardware. The change could unsettle vendors beyond IBM as corporate spending prioritizes supply-constrained components.
Microsoft has filed notice to permanently lay off 605 workers at its Redmond headquarters effective September 4, 2026. Axios notes 493 Redmond + other WA sites for the 605 total. The cuts are part of a sweeping Xbox gaming division restructure inside a global plan targeting approximately 3,200 roles in FY2027.
Microsoft disclosed CVE-2026-50380, a critical heap-based buffer overflow in Windows GDI+ that enables remote code execution over a network with a 9.6 CVSS score. The flaw affects numerous Windows 10 and 11 releases and is being patched as part of the July 2026 Patch Tuesday.