On Ethereum block `25118335` at `2026-05-17T23:55:23Z`, attacker EOA `0x5abb91b9c01a5ed3ae762d32b236595b459d5777` called bridge dispatcher `0x71518580f36feceffe0721f06ba4703218cd7f63` and drained bridge-held assets to drainer `0x65cb8b128bf6e690761044cceca422bb239c25f9`. The trace shows a BTC-import and proof-processing flow followed immediately by bridge payouts, which is consistent with a logic error in the bridge’s import/proof path rather than a flash-loan or […]

# Bad News for the Average Pentester With the changes to the market of late, Atredis has actually been exceedingly busy. We’ve been working with AI and related tech since we started the company over a dozen years ago, but in the last year, like everyone, our work has changed: […]

This Ethereum transaction occurred on 2026-05-16 18:28:23 UTC and is not the exploit execution path for the Adshares Wrapper incident. The trace shows a single zero-value `CALL` from `0xcb6af4e5e29d66A14af1F516BaAF1D5F7d8F6b84` to `0x63e22ce9bde9bb8892a447258abfcaa4142f001b` carrying plaintext calldata that repeats the whitehat return message from the alert. No internal calls, logs, token transfers, or […]

On Ethereum at 2026-05-16 18:15:23 UTC, transaction `0x99a1114c2e8dc1807e00da0e963a6fbd5d91a04d1e1fd0a75b78e9c6b41a7464` was an on-chain plaintext settlement message related to Adshares Wrapper, not the drain transaction itself. The trace shows a single zero-value `CALL` from `0xb6fe3854a85dc6c2a873f2b6bbd43a36c74cae1f` to EOA `0x63e22ce9bde9bb8892a447258abfcaa4142f001b`, with ASCII calldata offering whitehat terms and requesting return of 90% of previously drained assets. […]

PHP is one of the world’s most popular programming languages. The PHP core itself is rarely perceived as an attack surface — attention usually shifts to frameworks and third-party libraries. However, a significant portion of real-world application logic relies on built-in functions from the ext/standard extension, which handles strings, query […]

# Saved passwords in Edge memory: what we’re changing and why Browsers help protect some of the most sensitive data people have, including passwords. That’s why we continuously review how Edge handles that data, and where we can further reduce exposure through defense-in-depth improvements as part of Microsoft’s Secure Future […]

Talk presented at **Qualcomm Product Security Summit (QPSS) 2026**. The talk revisits a neglected attack surface in Android’s biometric authentication flow and explores how weaknesses around biometric AuthToken handling can be abused to crack PINs and bypass Credential Encrypted (CE) protection.

The Gentlemen ransomware‑as‑a‑service ( **RaaS**) operation is a relatively new group that emerged around mid‑2025. Its operators advertise the service across multiple underground forums, promoting their ransomware platform and inviting penetration testers and other technically skilled actors to join as affiliates. In 2026, based on victims listed on the data […]

On May 13, 2026 at 23:22:02 UTC (BNB Chain block `98134017`), attacker EOA `0xcb26b3a469c5aee911d059a25de2b26ed52826e9` executed transaction `0x2fdd6aef515fb06ce803c55086bb71de712631979809c135cf6d02be133f5cdb`, which deployed bootstrap contract `0x8aa9cb61885121448f1bf9a5df80ec36c6fbd535` and executor `0xe812f2e6cdffdfa4ca496db0716a53301c37b705`. The attacker used Moolah proxy `0x8f73b65b4caaf64fba2af91cc5d4a2a1318e5d8c` as an unsafe flash-loan callback entrypoint, then composed nested flash loans, a large USDT borrow, and a deep Pancake/Vault […]

On May 12, 2026 at 10:11:11 UTC, the SQ protocol on BNB Chain was exploited for 346,137.034345 USDT after the attacker abused a hardcoded owner backdoor in the verified `Staking` contract at `0x404404a845fff0201f3a4d419b4839fc419c99f7`. The attacker sent a type- `0x4` transaction with an `authorizationList` entry that delegated their EOA to helper […]