INK Finance Treasury Drain via Address-Only Payroll Claimer Authorization

INK Finance’s Workspace Treasury on Polygon was exploited on 2026-05-11 at block 86711192. The attacker used an address-control / authorization design flaw in the workspace payroll claim path: a freshly deployed CREATE2 contract at `0xd7c643517f98f58d3f9ba91de05d4f62620cfd10` was accepted as an eligible claim actor and triggered the treasury’s authorized transfer path. The […]

Renegade Dark Pool Proxy Unprotected Initializer Delegatecall Drain

On May 10, 2026 at 08:27:23 UTC, Renegade Dark Pool Proxy 1 on Arbitrum (`0x30bd8eab29181f790d7e495786d4b96d7afdc518`) was drained through an access-control failure in its initialization path. The attacker EOA `0x777253f28adc29645152b7b41be5c772a9657777` created an orchestrator contract, deployed malicious delegatecall logic, then called the proxy’s `initialize(…)` function with attacker-controlled addresses. The trace proves […]

TrustedVolumes RFQ Proxy Drain

On Ethereum at 2026-05-07 00:47:35 UTC, the attacker exploited an authorization design flaw in TrustedVolumes’ custom RFQ flow to create a maker/signer relationship they controlled and then settle orders against a third-party resolver’s pre-approved balances. The loss in this transaction was approximately $5.87M, consisting of `1291.16110521587917927` WETH, `206282.446876` USDT, `16.93910519` […]

White Eagle Withdraw Drain

White Eagle withdraw drain via spot-price-based WEGL payout. On 2026-05-07 08:14:47 UTC, the White Eagle withdrawal contract on BNB Chain was exploited through a spot-price manipulation logic flaw in its withdrawal path. The attacker used an orchestrator plus 11 helper contracts to call `withdraw()` repeatedly, then sold each WEGL […]

Tp-Link Archer AX53 v1.0 dnsmasq configuration restore TFTP server enable vulnerability

CVE-2026-30817 An external config control vulnerability exists in the Openvpn configuration restore route_up functionality of Tp-Link Archer AX53 v1.0 1.3.1 Build 20241120 rel.54901(5553). A specially crafted configuration value can lead to arbitrary file reading. An attacker can upload a malicious file to trigger this vulnerability. The versions below were either […]

Tp-Link Archer AX53 v1.0 Openvpn configuration restore script_security OS command injection vulnerability

CVE-2026-30815 An OS command injection vulnerability exists in the Openvpn configuration restore script_security functionality of Tp-Link Archer AX53 v1.0 1.3.1 Build 20241120 rel.54901(5553). A specially crafted configuration value can lead to arbitrary command execution. An attacker can upload a malicious file to trigger this vulnerability. The versions below were either […]

Tp-Link Archer AX53 v1.0 Openvpn configuration restore client_connect OS command injection vulnerability

CVE-2026-30815 An OS command injection vulnerability exists in the Openvpn configuration restore client_connect functionality of Tp-Link Archer AX53 v1.0 1.3.1 Build 20241120 rel.54901(5553). A specially crafted configuration value can lead to arbitrary command execution. An attacker can upload a malicious file to trigger this vulnerability. The versions below were either […]
