# Bad News for the Average Pentester With the changes to the market of late, Atredis has actually been exceedingly busy. We’ve been working with AI and related tech since we started the company over a dozen years ago, but in the last year, like everyone, our work has changed: […]

# Saved passwords in Edge memory: what we’re changing and why Browsers help protect some of the most sensitive data people have, including passwords. That’s why we continuously review how Edge handles that data, and where we can further reduce exposure through defense-in-depth improvements as part of Microsoft’s Secure Future […]

Talk presented at **Qualcomm Product Security Summit (QPSS) 2026**. The talk revisits a neglected attack surface in Android’s biometric authentication flow and explores how weaknesses around biometric AuthToken handling can be abused to crack PINs and bypass Credential Encrypted (CE) protection.

The Gentlemen ransomware‑as‑a‑service ( **RaaS**) operation is a relatively new group that emerged around mid‑2025. Its operators advertise the service across multiple underground forums, promoting their ransomware platform and inviting penetration testers and other technically skilled actors to join as affiliates. In 2026, based on victims listed on the data […]

On May 13, 2026 at 23:22:02 UTC (BNB Chain block `98134017`), attacker EOA `0xcb26b3a469c5aee911d059a25de2b26ed52826e9` executed transaction `0x2fdd6aef515fb06ce803c55086bb71de712631979809c135cf6d02be133f5cdb`, which deployed bootstrap contract `0x8aa9cb61885121448f1bf9a5df80ec36c6fbd535` and executor `0xe812f2e6cdffdfa4ca496db0716a53301c37b705`. The attacker used Moolah proxy `0x8f73b65b4caaf64fba2af91cc5d4a2a1318e5d8c` as an unsafe flash-loan callback entrypoint, then composed nested flash loans, a large USDT borrow, and a deep Pancake/Vault […]

On May 12, 2026 at 10:11:11 UTC, the SQ protocol on BNB Chain was exploited for 346,137.034345 USDT after the attacker abused a hardcoded owner backdoor in the verified `Staking` contract at `0x404404a845fff0201f3a4d419b4839fc419c99f7`. The attacker sent a type- `0x4` transaction with an `authorizationList` entry that delegated their EOA to helper […]

BoostHook on Ethereum was exploited on 2026-05-13 in transaction `0xb45cc4d9c13c2c24b4bbf71db9e6f52ed24d174ad23ed2622a290289cebd3811` at block `25080848`. The attacker used a 120 WETH Morpho flash loan to push the ETH/PERP Uniswap v4 pool price upward, opened nine leveraged long positions through `BoostHook.openLong()` while the pool was temporarily overpriced, then reversed the price move and […]

# Exploiting the Tesla Wall Connector from its charge port connector – Part 2: bypassing the anti-downgrade In a previous article, we presented an attack against the Tesla Wall Connector Gen 3 used during Pwn2Own Automotive 2025. The exploit chain relied on a simple fact: there was no anti-downgrade mechanism. […]

During the first quarter of 2026, we monitored more than 70 active data leak sites (DLS) that collectively listed 2,122 new victims. This figure represents a 12.2% decline from the Q4 2025 all-time record of 2,416 victims but remains the second-highest Q1 on record at 117% above Q1 2024 (977 […]

On May 11, 2026 at 14:19:25 UTC, three deprecated Huma Finance V1 `BaseCreditPool` proxy deployments on Polygon were drained by an attacker-controlled borrower contract. The exploit was a credit-lifecycle logic error with an access-control component: an open `requestCredit(…, preApproved=false)` path created `Requested` credit records, then an unrestricted `refreshAccount(address)` call advanced […]