# LML / APower Reward-Claim Price Manipulation On March 31, 2026 at 20:39:02 UTC, the attacker used flash-loaned capital on BNB Chain to manipulate the LML/USDT market, then batch-triggered reward claims for pre-seeded accounts through APower and immediately sold the resulting LML back into the distorted pool. The primary issue […]

# WhaleBit CES / IGT Staking Spot-Oracle Manipulation On March 31, 2026 at 22:56:21 UTC (Polygon block `84938872`), an attacker exploited WhaleBit’s unverified staking system through a **same-transaction spot-oracle manipulation** funded by a flash loan. The attacker EOA `0xe66b37de57b65691b9f4ac48de2c2b7be53c5c6f` used helper contract `0xb5a8d7a37d60aa662f4dc9b3ef4c32a3fe21fadf` to borrow `51,024.905390945780848543 CES`, run three batches […]

CVE-2026-3779 A use-after-free vulnerability exists in the way Foxit Reader handles an Array object. A specially crafted JavaScript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the […]

AI assistants now handle some of the most sensitive data people own. Users discuss symptoms and medical history. They ask questions about taxes, debts, and personal finances, upload PDFs, contracts, lab results, and identity-rich documents that contain names, addresses, account details, and private records. That trust depends on a simple […]

# Please, We Beg, Just One Weekend Free Of Appliances (Citrix NetScaler CVE-2026-3055 Memory Overread Part 2) Today, we woke up with a nagging feeling: what if Citrix had, in fact, patched multiple Memory Overread vulnerabilities as part of CVE-2026-3055? While we’ve been using our analysis from Part 1 (please […]

**AI-assisted malware development has reached operational maturity.** VoidLink framework, which is modular, professionally engineered, and fully functional, was built by a single developer using a commercial AI-powered IDE within a compressed timeframe. AI-assisted development is no longer experimental but produces deploymentready output. **AI-assisted development is not always obvious from the […]

# The Sequels Are Never As Good, But We’re Still In Pain (Citrix NetScaler CVE-2026-3055 Memory Overread) Sequels? Pain? We’re obviously talking about Citrix NetScalers, yet again. Welcome back to another watchTowr Labs blog post – pull up a chair, we always welcome new members to our group therapy sessions. […]

# VTSwapHook Pricing Error — Midpoint Approximation and Fee Accounting Exploit On 2026-03-28, the VTSwapHook contract ( `0xbf4b4a83708474528a93c123f817e7f2a0637a88`) deployed on Arbitrum was exploited through a **logic error** in its custom pricing formula. The hook implements a nonlinear (logarithm-based) price curve but approximates execution price using a simple midpoint average — […]

# A Technical Deep Dive into CVE-2024-23380: Exploiting GPU Memory Corruption to Android Root # Table of Contents In our last blog, we talked about Binder exploit and fuzzing, and how they can be used to achieve Local Privilege Escalation (LPE) from a zero-permission application to root. In this blog, […]

# EST BNBDeposit Claim Abuse and Pair Reserve Manipulation On 2026-03-27, the EST / BNBDeposit system on BNB Smart Chain was exploited through a **flash-loan-assisted reward-accounting flaw** in `BNBDeposit`, amplified by **fee-exempt routing and pair-state manipulation** in EST. The attacker borrowed `250,000 WBNB`, built a temporary claim-bearing share in `BNBDeposit` […]