I covered a fascinating post by Alexander Moch at ERNW about a boot-level Linux vulnerability that lets attackers inject code from the initramfs debug shell. Even with Secure Boot and encryption, a few key presses can drop you to a shell and allow persistent malware to be added.
Luckily, the fix is simple and involves kernel parameters. I break it down here:
https://nerds.xyz/2025/07/linux-initramfs-security-flaw-secure-boot-bypass/
Curious what others are doing to harden this layer.
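As an added example (not from the post or from the ERNW write-up), here is one way to audit a kernel command line for parameters that stop a failed boot from dropping into the initramfs debug shell. The parameter names (`panic=` for initramfs-tools, `rd.shell=` and `rd.emergency=` for dracut) are taken from those projects' documentation and are assumed to be the kind of fix the post refers to; the function names and sample command lines are constructed.

```shell
#!/bin/sh
# Added example: audit a kernel command line for the initramfs debug shell.
# Assumption: parameter names come from the initramfs-tools and dracut
# documentation, not from the post above.

# last_value KEY CMDLINE -> prints the value of the last KEY=... token,
# "<bare>" for a KEY given without a value, or nothing if KEY is absent.
last_value() {
    key=$1; val=
    set -f                      # do not glob-expand tokens while splitting
    for tok in $2; do
        case $tok in
            "$key"=*) val=${tok#*=} ;;
            "$key")   val='<bare>' ;;
        esac
    done
    set +f
    printf '%s' "$val"
}

# shell_disabled FLAVOR CMDLINE -> 0 hardened, 1 not hardened, 2 unknown flavor
shell_disabled() {
    case $1 in
        initramfs-tools)
            # A non-negative integer panic= makes the initramfs reboot
            # instead of spawning the (initramfs) shell.
            case $(last_value panic "$2") in
                ''|'<bare>'|*[!0-9]*) return 1 ;;
                *) return 0 ;;
            esac ;;
        dracut)
            # rd.shell must be false and rd.emergency must name an action.
            case $(last_value rd.shell "$2") in
                0|no|off) ;;
                *) return 1 ;;
            esac
            case $(last_value rd.emergency "$2") in
                halt|reboot|poweroff) return 0 ;;
                *) return 1 ;;
            esac ;;
        *) return 2 ;;
    esac
}

# Constructed sample command lines (not captured from a real host).
WEAK='BOOT_IMAGE=/vmlinuz root=/dev/mapper/vg-root ro quiet splash'
DEB_OK="$WEAK panic=0"
RH_OK="$WEAK rd.shell=0 rd.emergency=halt"
```

On a running system, pass the live command line instead of a sample, e.g. `shell_disabled dracut "$(cat /proc/cmdline)"`. The check only reads the command line; whether that command line can be edited at boot depends on the bootloader being locked down separately.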