Entry Thumbnail

TrustedVolumes RFQ Proxy Drain

On Ethereum at 2026-05-07 00:47:35 UTC, the attacker exploited an authorization design flaw in TrustedVolumes’ custom RFQ flow to create a maker/signer relationship they controlled and then settle orders against a third-party resolver’s pre-approved balances. The loss in this transaction was approximately $5.87M, consisting of `1291.16110521587917927` WETH, `206282.446876` USDT, `16.93910519` […]

Posted by
Entry Thumbnail

Norton Secure VPN Installation Insecure Operation On Junction Privilege Escalation Vulnerability

CVE-2025-58074 A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges. The versions below were either tested or verified […]

Posted by
Entry Thumbnail

Inspektor Gadget Security Audit

In early 2026, Shielder was hired by OSTIF to perform a security audit of Inspektor Gadget, an eBPF-based framework that provides powerful and flexible observability tools for Kubernetes and Linux hosts. **Today, we are publishing the full report in our dedicated repository**. Inspektor Gadget is both a framework and a […]

Posted by