A New UEFI Flaw Lets Attackers Strike Before the OS Even Loads
Researchers warn that a newly discovered UEFI vulnerability enables early-boot DMA attacks on widely used consumer and enterprise systems.

Security researchers have disclosed a new UEFI firmware vulnerability that allows attackers to perform direct memory access (DMA) attacks during the earliest boot stages, before the operating system and most security controls initialize. The flaw affects systems built on popular motherboard platforms used by both consumers and enterprises.
The vulnerability resides in how affected UEFI implementations handle hardware access during the pre-boot phase. Attackers who gain physical or low-level access can abuse DMA-capable devices to read or modify system memory before protections such as kernel isolation or endpoint security tools activate. As a result, attackers can bypass many traditional defenses entirely.
Why Early-Boot DMA Attacks Are Dangerous
Early-boot attacks pose a serious threat because they operate below the operating system level. Once attackers exploit the flaw, they can inject malicious code, tamper with firmware settings, or establish stealthy persistence that survives OS reinstalls. Consequently, detection becomes extremely difficult using conventional security tools.
Researchers confirmed that multiple motherboard vendors are affected, including ASRock, ASUS, GIGABYTE, and MSI. The impacted systems rely on vulnerable UEFI components that fail to properly restrict DMA access during boot. Systems without features like Kernel DMA Protection or Secure Boot enforcement face higher risk.
Who Is at Risk and What to Do
Although exploitation requires a high level of access, the impact remains severe. Threat actors with physical access, malicious insiders, or advanced attackers targeting high-value systems could weaponize the flaw. Enterprise laptops, workstations, and developer systems remain attractive targets due to their sensitive data and elevated privileges.
Security experts urge users to apply firmware updates as soon as vendors release patches. Additionally, organizations should enable Secure Boot, activate Kernel DMA Protection where available, and restrict physical access to critical systems. Monitoring firmware integrity and enforcing hardware security policies further reduce exposure.
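The Secure Boot and DMA-protection settings recommended above can be audited from a running Linux host. The script below is an added example, not code from the researchers or any vendor. It assumes a Linux system exposing efivarfs and sysfs, and it treats an active IOMMU as the Linux counterpart of Kernel DMA Protection; `audit`, `read_efi_byte` and `make_fixture` are names chosen for this example.

```python
import os
import tempfile

# GUID of the EFI global-variable namespace that holds SecureBoot and SetupMode.
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"

def read_efi_byte(root, name):
    """Return the one-byte value of an EFI global variable, or None if unreadable."""
    path = os.path.join(root, "sys/firmware/efi/efivars", f"{name}-{EFI_GLOBAL}")
    try:
        with open(path, "rb") as f:
            raw = f.read()
    except OSError:
        return None
    # efivarfs prefixes the variable data with a 4-byte attribute word.
    return raw[4] if len(raw) >= 5 else None

def audit(root="/"):
    """Return a list of hardening gaps for the Linux host rooted at `root`."""
    if not os.path.isdir(os.path.join(root, "sys/firmware/efi")):
        return ["not booted via UEFI: Secure Boot cannot be enforced"]
    findings = []
    if read_efi_byte(root, "SecureBoot") != 1:
        findings.append("Secure Boot is not enforcing")
    if read_efi_byte(root, "SetupMode") == 1:
        findings.append("firmware is in Setup Mode: Secure Boot keys can be replaced")
    groups = os.path.join(root, "sys/kernel/iommu_groups")
    if not (os.path.isdir(groups) and os.listdir(groups)):
        findings.append("no IOMMU groups: the OS is not restricting device DMA")
    return findings

def make_fixture(secure_boot, setup_mode, iommu):
    """Build a constructed sysfs tree (sample data) to exercise audit() offline."""
    root = tempfile.mkdtemp()
    efivars = os.path.join(root, "sys/firmware/efi/efivars")
    os.makedirs(efivars)
    for name, value in (("SecureBoot", secure_boot), ("SetupMode", setup_mode)):
        with open(os.path.join(efivars, f"{name}-{EFI_GLOBAL}"), "wb") as f:
            f.write(b"\x06\x00\x00\x00" + bytes([value]))  # attributes + data
    groups = os.path.join(root, "sys/kernel/iommu_groups")
    os.makedirs(os.path.join(groups, "0") if iommu else groups)
    return root

if __name__ == "__main__":
    for finding in audit() or ["no gaps found in Secure Boot / IOMMU state"]:
        print(finding)
```

A clean result reports OS-visible configuration only; it does not show that the firmware itself is patched, since the flaw acts before the operating system loads.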
This discovery highlights a growing concern in modern security. Firmware-level flaws continue to offer attackers powerful opportunities to operate below the visibility of traditional defenses. As attackers move deeper into the boot process, firmware security is becoming just as critical as operating system protection.