**Ready?** Start Season 4 now > # Hack the AI agent: Build agentic AI security skills with the GitHub Secure Code Game Learn to find and exploit real-world agentic AI vulnerabilities through five progressive challenges in this free, open source game that over 10,000 developers have already used to sharpen […]

# Hyperbridge Forged Proof DOT Mint on Ethereum On April 13, 2026 at 03:55:23 UTC, a helper contract deployed by the attacker used Hyperbridge’s Ethereum-side ISMP message path to deliver a forged governance-style `PostRequest` into `TokenGateway`. The exploit is best classified as an access-control failure at the proof-validation boundary: `HandlerV1` […]

An AI-powered multi-agent pipeline for investigating on-chain attack transactions. Produces comprehensive incident reports with root-cause analysis, self-correcting Analyst-Validator debate, and optional Foundry PoC exploits. ## Pipeline 1. **Parse input**— tx_hash, chain, hints 2. **Setup**— analysis directory + incident brief 3. **Planner**— analysis plan, call trace 4. **Data Collector**— manifest, contract […]

A structured 7-stage audit using an orchestrator + subagent architecture for security auditing of blockchain node implementations. Covers execution clients, consensus clients, app-chain SDKs, bridges, and any codebase with P2P networking or consensus logic. ## Pipeline 1. **Setup**— creates output directories, records audit parameters 2. **Recon**— maps codebase structure, entry […]

A DFS-based AI security auditor for Solidity. The lead auditor reads code, builds a structured context map, extracts value-flow call paths, then delegates each path to a hunt agent for line-by-line depth-first analysis. Findings are merged, deduplicated, and validated. ## Pipeline 1. **Reconnaissance**— discover `.sol` files, resolve skill references, create […]

# SubQuery Network: Missing Access Control in `Settings` Enables Staking Drain On April 12, 2026, SubQuery Network, a staking protocol on Base, (block 44,590,469) suffered an access-control exploit that drained approximately **218.29M SQT** (about **$131.2K**) from the protocol’s Staking contract. The attacker deployed two ephemeral contracts, abused the absence of […]

# Given Enough Agents, All Bugs Become Shallow A few months ago I had this realization that agents have become really good at identifying bugs in code, especially security vulnerabilities. They are relentless in analyzing code and you can spin up multiple of them to go through source code quickly. […]

CVE-2026-24450 An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. The versions below were either tested or verified to be vulnerable by Talos […]

CVE-2026-20911 A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. The versions below were either tested or verified to […]

CVE-2026-24660 A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. The versions below were either tested or verified to be vulnerable by […]