On Ethereum block `25118335` at `2026-05-17T23:55:23Z`, attacker EOA `0x5abb91b9c01a5ed3ae762d32b236595b459d5777` called bridge dispatcher `0x71518580f36feceffe0721f06ba4703218cd7f63` and drained bridge-held assets to drainer `0x65cb8b128bf6e690761044cceca422bb239c25f9`. The trace shows a BTC-import and proof-processing flow followed immediately by bridge payouts, which is consistent with a logic error in the bridge’s import/proof path rather than a flash-loan or […]

# Bad News for the Average Pentester With the changes to the market of late, Atredis has actually been exceedingly busy. We’ve been working with AI and related tech since we started the company over a dozen years ago, but in the last year, like everyone, our work has changed: […]

On Ethereum at 2026-05-16 18:15:23 UTC, transaction `0x99a1114c2e8dc1807e00da0e963a6fbd5d91a04d1e1fd0a75b78e9c6b41a7464` was an on-chain plaintext settlement message related to Adshares Wrapper, not the drain transaction itself. The trace shows a single zero-value `CALL` from `0xb6fe3854a85dc6c2a873f2b6bbd43a36c74cae1f` to EOA `0x63e22ce9bde9bb8892a447258abfcaa4142f001b`, with ASCII calldata offering whitehat terms and requesting return of 90% of previously drained assets. […]

This Ethereum transaction occurred on 2026-05-16 18:28:23 UTC and is not the exploit execution path for the Adshares Wrapper incident. The trace shows a single zero-value `CALL` from `0xcb6af4e5e29d66A14af1F516BaAF1D5F7d8F6b84` to `0x63e22ce9bde9bb8892a447258abfcaa4142f001b` carrying plaintext calldata that repeats the whitehat return message from the alert. No internal calls, logs, token transfers, or […]

PHP is one of the world’s most popular programming languages. The PHP core itself is rarely perceived as an attack surface — attention usually shifts to frameworks and third-party libraries. However, a significant portion of real-world application logic relies on built-in functions from the ext/standard extension, which handles strings, query […]

# Saved passwords in Edge memory: what we’re changing and why Browsers help protect some of the most sensitive data people have, including passwords. That’s why we continuously review how Edge handles that data, and where we can further reduce exposure through defense-in-depth improvements as part of Microsoft’s Secure Future […]

Talk presented at **Qualcomm Product Security Summit (QPSS) 2026**. The talk revisits a neglected attack surface in Android’s biometric authentication flow and explores how weaknesses around biometric AuthToken handling can be abused to crack PINs and bypass Credential Encrypted (CE) protection.

The Gentlemen ransomware‑as‑a‑service ( **RaaS**) operation is a relatively new group that emerged around mid‑2025. Its operators advertise the service across multiple underground forums, promoting their ransomware platform and inviting penetration testers and other technically skilled actors to join as affiliates. In 2026, based on victims listed on the data […]

On May 13, 2026 at 23:22:02 UTC (BNB Chain block `98134017`), attacker EOA `0xcb26b3a469c5aee911d059a25de2b26ed52826e9` executed transaction `0x2fdd6aef515fb06ce803c55086bb71de712631979809c135cf6d02be133f5cdb`, which deployed bootstrap contract `0x8aa9cb61885121448f1bf9a5df80ec36c6fbd535` and executor `0xe812f2e6cdffdfa4ca496db0716a53301c37b705`. The attacker used Moolah proxy `0x8f73b65b4caaf64fba2af91cc5d4a2a1318e5d8c` as an unsafe flash-loan callback entrypoint, then composed nested flash loans, a large USDT borrow, and a deep Pancake/Vault […]

# Exploiting the Tesla Wall Connector from its charge port connector – Part 2: bypassing the anti-downgrade In a previous article, we presented an attack against the Tesla Wall Connector Gen 3 used during Pwn2Own Automotive 2025. The exploit chain relied on a simple fact: there was no anti-downgrade mechanism. […]