# Bad News for the Average Pentester With the changes to the market of late, Atredis has actually been exceedingly busy. We’ve been working with AI and related tech since we started the company over a dozen years ago, but in the last year, like everyone, our work has changed: […]

# Saved passwords in Edge memory: what we’re changing and why Browsers help protect some of the most sensitive data people have, including passwords. That’s why we continuously review how Edge handles that data, and where we can further reduce exposure through defense-in-depth improvements as part of Microsoft’s Secure Future […]

Talk presented at **Qualcomm Product Security Summit (QPSS) 2026**. The talk revisits a neglected attack surface in Android’s biometric authentication flow and explores how weaknesses around biometric AuthToken handling can be abused to crack PINs and bypass Credential Encrypted (CE) protection.

The Gentlemen ransomware‑as‑a‑service ( **RaaS**) operation is a relatively new group that emerged around mid‑2025. Its operators advertise the service across multiple underground forums, promoting their ransomware platform and inviting penetration testers and other technically skilled actors to join as affiliates. In 2026, based on victims listed on the data […]

On May 13, 2026 at 23:22:02 UTC (BNB Chain block `98134017`), attacker EOA `0xcb26b3a469c5aee911d059a25de2b26ed52826e9` executed transaction `0x2fdd6aef515fb06ce803c55086bb71de712631979809c135cf6d02be133f5cdb`, which deployed bootstrap contract `0x8aa9cb61885121448f1bf9a5df80ec36c6fbd535` and executor `0xe812f2e6cdffdfa4ca496db0716a53301c37b705`. The attacker used Moolah proxy `0x8f73b65b4caaf64fba2af91cc5d4a2a1318e5d8c` as an unsafe flash-loan callback entrypoint, then composed nested flash loans, a large USDT borrow, and a deep Pancake/Vault […]

# Exploiting the Tesla Wall Connector from its charge port connector – Part 2: bypassing the anti-downgrade In a previous article, we presented an attack against the Tesla Wall Connector Gen 3 used during Pwn2Own Automotive 2025. The exploit chain relied on a simple fact: there was no anti-downgrade mechanism. […]

BoostHook on Ethereum was exploited on 2026-05-13 in transaction `0xb45cc4d9c13c2c24b4bbf71db9e6f52ed24d174ad23ed2622a290289cebd3811` at block `25080848`. The attacker used a 120 WETH Morpho flash loan to push the ETH/PERP Uniswap v4 pool price upward, opened nine leveraged long positions through `BoostHook.openLong()` while the pool was temporarily overpriced, then reversed the price move and […]

On May 12, 2026 at 10:11:11 UTC, the SQ protocol on BNB Chain was exploited for 346,137.034345 USDT after the attacker abused a hardcoded owner backdoor in the verified `Staking` contract at `0x404404a845fff0201f3a4d419b4839fc419c99f7`. The attacker sent a type- `0x4` transaction with an `authorizationList` entry that delegated their EOA to helper […]

During the first quarter of 2026, we monitored more than 70 active data leak sites (DLS) that collectively listed 2,122 new victims. This figure represents a 12.2% decline from the Q4 2025 all-time record of 2,416 victims but remains the second-highest Q1 on record at 117% above Q1 2024 (977 […]

INK Finance’s Workspace Treasury on Polygon was exploited on 2026-05-11 at block 86711192. The attacker used an address-control / authorization design flaw in the workspace payroll claim path: a freshly deployed CREATE2 contract at `0xd7c643517f98f58d3f9ba91de05d4f62620cfd10` was accepted as an eligible claim actor and triggered the treasury’s authorized transfer path. The […]