11/05/2025
We’re excited to introduce major enhancements to the Binarly platform. The latest Binarly release converges product security and security research through Custom Rule Management, Threat Hunting with YARA, and native FwHunt support. It also introduces Java archive and bytecode (JVM) analysis and advanced PQC & CBoM inspection for deep visibility into cryptographic materials and reachability across modern software packages.

Hero Features

  • Enterprise-Scale YARA Integration
    • YARA rules are now part of the Binarly Transparency Platform for enhanced threat hunting and analysis.
  • Java archive and Java bytecode (JVM) analysis support - [New Ecosystem]
    • Dependency Vulnerability detection
    • PQC & CBoM: Deep Inspection of Java Cryptographic Materials and Reachability Analysis
  • Custom Rule Manager - Converged Product Security & Security Research
    • Hosted Rule Development Playground
      • Custom Rules Threat Hunting scan engine (Playground)
      • Integrates with YARA support (in addition to FwHunt rules) for connecting threat intel data feeds
    • Ruleset Management System with UAC
      • New roles: Rule Admin, Editor and Viewer
    • Ruleset context search and navigation
    • Ruleset deployment
      • Rulesets can be deployed for the entire organization or for a list of products
    • Ruleset API for CI/CD integration
      • Tooling can be integrated with any rule management through the REST API

Features

  • Organization Quotas
    • Eases enterprise rollout - Quota can be centrally managed and allocated to teams within the platform.
    • Helps to stay within license limits and provides transparency across teams
  • Triage Enhancements
    • Improved collaboration - Set issue status, assign issues to team members, and comment on issues with Markdown support, with dynamically updating charts.
    • Triage is now possible per product, across images
    • Activity details are recorded with history
  • Enhanced Cryptographic Artifacts extraction - Detection of UEFI Secure Boot keys and certificates
  • On-prem Deployment Improvements - Helm chart rework with security and maintainability improvements

Binarly Analysis Engine

  • New Platforms/Formats
    • Java Archives
    • Android Packages
    • Lua Bytecode
    • OP-TEE kernel
    • Portable Executables for Windows
  • Vulnerability Database Service
    • Improved handling of vulnerability data sources
  • New Features
    • Improved unpacking of various UEFI update packages
    • Ability to analyze certificates/keys extracted from Secure Boot related variables
    • Ability to analyze standalone UEFI modules with PEI/DXE/SMM/Application kinds
    • Compiler identification for EFI modules
    • Improved processing of source code in order to detect leaked secrets
    • Improved processing of Git repositories in order to detect leaked secrets
    • Improved support for Linux Kernel extraction and version identification
    • Ability to extract ecosystem or ecosystem candidates from arbitrary input files
    • Improved identification of ECC (elliptic-curve cryptography) public/private keys
    • Structured reporting of ECC keys extracted from certificates and public/private key files
    • Identification and reporting of new signature algorithms (SLH-DSA and ML-DSA) extracted from certificates
    • CBoM for Java ecosystem
    • Identification of cryptographic algorithms in Java Bytecode, including reachability analysis
    • Identification of known vulnerabilities in components and dependencies extracted from Java Archives
    • YARA engine support (yara-x) with a default rule package containing 170 rules for detecting malicious and vulnerable code
    • Improved support for CPE and PURL
  • New Detections
  • New Context-Aware Rule Detection (VulHunt, FwHunt, YARA)
    • FwHunt detection for CVE-2025-4275 (UEFI)
    • VulHunt detections for multiple vulnerabilities across different ecosystems:
      • CVE-2024-54085 (LUA)
      • CVE-2018-18313 (POSIX)
      • CVE-2022-40674 (POSIX)
      • CVE-2023-26604 (POSIX)
      • CVE-2024-10237 (POSIX)
      • CVE-2024-6387 (POSIX)
      • CVE-2024-8096 (POSIX)
      • CVE-2025-0840 (POSIX)
      • CVE-2025-32463 (POSIX)
      • CVE-2025-7937 (POSIX)
      • BRLY-2025-003 (UEFI)
      • BRLY-2025-004 (UEFI)
      • CVE-2023-40238 (UEFI)
      • CVE-2025-3052 (UEFI)
      • CVE-2025-33043 (UEFI)
      • CVE-2025-4421 (UEFI)
      • CVE-2025-4422 (UEFI)
      • CVE-2025-4423 (UEFI)
      • CVE-2025-4424 (UEFI)
      • CVE-2025-4425 (UEFI)
      • CVE-2025-4426 (UEFI)
      • CVE-2025-7026 (UEFI)
      • CVE-2025-7027 (UEFI)
      • CVE-2025-7028 (UEFI)
      • CVE-2025-7029 (UEFI)
    • YaraHunt detections for the following:
  • Analysis Framework Enhancements
    • Multiple engine and rule format improvements including new features and bug fixes
    • Multiple improvements to the internal static analysis framework and decompiler
    • Support for rule/match confidence
    • Improved caching of analysis results