Raydium just took a $1.34M hit from fake liquidity tokens on old Solana pools. Legacy DeFi cracks are wide open—who’s really safe? Time to watch Solana protocols like a hawk. #DeFi #Solana #Crypto #Raydium #ExploitAlert famacrypto.com/raydium-loses…

#web3security #audit #web3audit #solana #EVM #exploitalert

CVE-2026-42897 exploited in the wild. A 8.1 CVSS OWA flaw allows RCE via malicious emails. Verify your Exchange Emergency Mitigation (EM) status now! #ExchangeServer #Outlook #CyberSecurity #InfoSec #VulnerabilityAlert #CVE202642897 #OWA #ExploitAlert securityonline.info/outlook-…

Cisco Catalyst SD-WAN CVE-2026-20182 (CVSS 10) exploited in the wild. Attackers bypassing auth to seize admin control. Upgrade your network fabric now! #Cisco #SDWAN #CyberSecurity #InfoSec #VulnerabilityAlert #CVE202620182 #NetworkSecurity #ExploitAlert securityonline.info/cisco-ca…

CVE-2026-32661 exploited in the wild. A 9.8 CVSS flaw in GUARDIANWALL MailSuite allows unauthenticated RCE. Apply Canon's official patches immediately. #MailSecurity #CyberSecurity #InfoSec #RCE #VulnerabilityAlert #CVE #Canon #GUARDIANWALL #ExploitAlert securityonline.info/guardian…

200,000 sites hit by CVE-2026-8181. A 9.8 CVSS Burst Statistics flaw allows RCE via auth bypass. 5,000 attacks blocked. Update to 3.4.2 immediately! #WordPress #CyberSecurity #InfoSec #RCE #VulnerabilityAlert #CVE #BurstStatistics #ExploitAlert securityonline.info/burst-st…

Sysdig warns: PraisonAI (CVE-2026-44338) exploited in under 4 hours. Attackers bypassed auth to hijack agents and drain API quotas. Update to 4.6.34 now! #PraisonAI #CyberSecurity #InfoSec #AISecurity #VulnerabilityAlert #CVE202644338 #ExploitAlert securityonline.info/praisona…

BARGHEST reveals CVE-2026-0073: a zero-click Android ADB bypass over Wi-Fi. Public PoC and exploit details are now live. Secure your mobile device today! #AndroidSecurity #ADB #CVE #InfoSec #CyberSecurity #ZeroClick #MobileHacking #PoC #ExploitAlert securityonline.info/android-…

🚨 🚨 🚨 Security Alert: Ekubo Lock/pay accounting abuse Chain: Ethereum Loss: 17 WBTC Target: Ekubo Core 0xe0e0e08a6a4b9dc7bd67bcb7aade5cf48157d444 Attack Tx: etherscan.io/tx/0x770bc9a1f7… Summary: Ekubo Core lock/pay accounting was abused through repeated withdraw-then-pay callbacks. The attacker withdrew 0.2 WBTC per iteration to 0xa911ff351b143634dbc5af3e204ea074583a83e3 and repaid the lock from 0x765decf4fa157756e850c1079f60801b9219edd1. Funds flow: 17 WBTC net moved from 0x765decf4fa157756e850c1079f60801b9219edd1 to 0xa911ff351b143634dbc5af3e204ea074583a83e3; Ekubo Core ended with zero net WBTC change across the traced transfers. #DeFiSecurity #ETH #ExploitAlert

🚨🚨🚨TTSwap Market exploit on Ethereum with ~5.10 ETH profit Chain: Ethereum Loss: estimated attacker profit ~5.098626 ETH Target: TTSwap_Market_Proxy 0x5c70a413fcb7ea8c8d478d06f31f8963ce4ee635 Attack Tx: etherscan.io/tx/0x43a0161de1… Summary: A flash-loan-funded attacker abused TTSwap market initialization and buyGood/payGood flows for 0xeeffdb5fced045efbaa7293f2d2eff5ecfbe9a26 against WETH. The transaction repaid the 8 WETH Balancer loan and retained profit. Funds flow: The attacker withdrew 4.329850 WETH to ETH and transferred a total of 5.098626 ETH through 0x5d5fc1c6156f8c5eea8e7fe2649507f0ce6bfc1b to recipient 0x12494e12a20267c52c445765e9c204cda7e7a02e. #DeFiSecurity #Ethereum #ExploitAlert

🚨🚨🚨Yearn stETH strategy incident Chain: Ethereum Loss: ~429.21057 ETH Target: StrategystETHAccumulatorV3 / StrategyRouterV3 withdrawal flow Attack Attack Tx: etherscan.io/tx/0xebaaab69ba… Summary: The attacker deployed fresh contracts, routed funds through the stETH strategy stack, abused the withdrawal path, and exited through the Curve stETH pool into WETH/ETH. Funds flow: 429.21057 ETH was returned to 0x6a818c673b098621e9bfb2adc80060906cf7b327 after moving through 0xcc9be93051e8ad00a70eba3df2571a18f94d5856 and 0x64c589f3ef894678e46af3b851aa08be3f40a674. #DeFiSecurity #ETH #ExploitAlert

🚨🚨🚨Blockchain Bets exploit on Ethereum Chain: Ethereum Loss: 17.568955 ETH attacker profit Target: Blockchain Bets (BCB token and ERC1155 staking module) Attack Attack Tx: etherscan.io/tx/0x879b365b16… Summary: The attacker used a 4,000,000,000 BCB flash swap, split funds across helper contracts, then abused the ERC1155 stake/transform/unstake flow to inflate redeemable BCB before dumping into the BCB/WETH pool. Funds flow: 17.568954659981801955 WETH was withdrawn to ETH and forwarded through 0x27e75e05fe441717820e2ca136f5e3c637de2fa4, 0x712e7ba278a8d1bae3b6889895fc0483d2340d1a, 0xabb388d3cf7166f01e9a91543e2fc29f626ff8f4, and 0x1cc99aac09ab1fe81cb71aa9be8a84606c24544e. #DeFiSecurity #ETH #ExploitAlert

Exploit Alert: ycdeal3 / RWAVault unauthorized withdraw on Ethereum Chain: Ethereum Loss: ~387,763.999994 USDC Target: ycdeal3 vault at 0xb9c7c84a1aa0dd40b5b38aae815ad0cdd2e5f88a Attack Attack Tx: etherscan.io/tx/0x6b04344d56… Summary: The attacker abused a missing check between receiver and owner in withdraw, then used victim owner addresses to redeem vault assets to attacker contract 0x50c140c2f705fa9d0bd0f4f253bacf4087588d17. Multiple unauthorized withdrawals drained about 387.76k USDC from the ycdeal3 vault flow. Funds flow: 5,000 USDC was swapped on Uniswap V2 for 2.195959995966763304 ETH, and 387,763.999994 USDC was transferred to 0x7137804200a073f616d92e87007f1f100100b56a. #DeFiSecurity #ETH #ExploitAlert

🚨🚨🚨JUDAO exploit alert on BSC Chain: Loss: At least 205,259.490762 USDT, plus 36 BNB routed out via PancakeSwap Target: PancakeSwap V2 BUSD-JUDAO Attack Tx: bscscan.com/tx/0x956e38b8ddb… Summary: The attacker flash-loaned 2,295,723.159642 USDT from Lista DAO: Moolah, bought JUDAO, then abused JUDAO's reserve-sync and sell-side burn logic to move tokens out of the LP and dump back into the same pool at an inflated price. Funds flow: 2,295,723.159642 USDT was repaid to 0x8f73b65b4caaf64fba2af91cc5d4a2a1318e5d8c; 205,259.490762 USDT was sent to 0x5384b34c74024d6563b323351a4bbfa18432161b; 22,613.847147 USDT was swapped into 36 WBNB/BNB. #DeFiSecurity #BSC #ExploitAlert

$408K Ethereum Exploit!!! A hacker just drained 224,865 USDC 183,453 USDT from contract 0xc851e5a046819b022091b50f05ae3bd052e034a4 using a malicious execute() call All funds sent to 0xdb2096ffceef50106c4457b12fc139d89d179cce.Tx: etherscan.io/tx/0x81f9aeaa69… #ExploitAlert

🚨🚨🚨Exploit Alert Chain: Ethereum Loss: $408,318.18 Target: 0xc851e5a046819b022091b50f05ae3bd052e034a4 Attack Attack Tx: etherscan.io/tx/0x81f9aeaa69… Summary: An attacker deployed 0x2196b3f31a43de49a2951c514488a8dd7c96ad67 and abused execute(uint256,address,uint256,bytes) on 0xc851e5a046819b022091b50f05ae3bd052e034a4 to pull 224,865 USDC and 183,453.18 USDT through 0x34be478993b60561c7c9f3b8a3851e9a3a15cd53 and 0x2a69893ec6d332101750eed731d52891717af671. Funds flow: 0x2196b3f31a43de49a2951c514488a8dd7c96ad67 forwarded both token balances to 0xdb2096ffceef50106c4457b12fc139d89d179cce. #DeFiSecurity #ETH #ExploitAlert

🚨MONA reward-farming / BurnAddress accounting exploit! Chain: BSC Loss: ~60.95K USDT attacker profit Target: BurnAddress (0xd7ab8cc95eab59bab429242ec176feebaea88da3) Attack Tx: bscscan.com/tx/0x3a60e1b3a4b… Summary: Using Moolah flash liquidity and a same-tx Venus borrow, 0x6ab3b009614cd4bbd9c58b1f1cd0ee6ae49eaa87 created 25 fresh accounts, self-bound 0x7eeec499e501293f6e589d550046375a2ad0b4c3 as referrer through NodeSubscriptionLisa (0xb9d8f078043dbf3297416735a84ab87324190fec) / ReferralRegistryLisa (0x651c11eb567df9dcc5a3385f9f204ccbeee9e002), farmed 10,000 MONA, and then manipulated BurnAddress sell accounting around the MONA/USDT pool. Funds flow: 9,900 MONA was routed through 0x9b9442e49acd08aa084bff9735fa2e76a1e75349, 9,875,067.446160841960227167 MONA was reacquired to 0xdd0215b556b08dcd7bad43a8116f89814b1545e0, the final 100 MONA was dumped back to USDT, Moolah and vUSDT were repaid, and 60,950.308123921915843825 USDT was transferred to 0x7eeec499e501293f6e589d550046375a2ad0b4c3. #DeFiSecurity #BSC #ExploitAlert📷📷🚨🚨

🚨 Exploit Alert: TGAI / Computility on BSC A reserve-manipulation attack has been detected involving the TGAI liquidity pool on BSC. What happened: • The attacker used a ~2.4M USDT flash loan • Deployed 25 CREATE2 helper contracts to buy TGAI tokens • Manipulated the LP reserves using the sync() function, injecting ~17.5K USDT into the pair • Then executed swapTGToUSDT, extracting profits 💰 Estimated profit: ~$11.94K 🔍 Transaction details: bscscan.com/tx/0x6031c73c264… Stay vigilant — reserve manipulation remains a persistent threat across DeFi protocols. #DeFiSecurity #ExploitAlert #Web3Security ⚠️ #Audit

🚨 HB Token Reward Manipulation on BSC — ~$194K Lost An attacker exploited HB Token's reward accounting system in a single tx, netting 193,936.99 USDT. Attack flow: 405,231.89 WBNB Moolah flash loan → vBNB collateral on Venus → borrowed 100M USDT → manipulated reward claims via HB Token (0x5b41af6a9b314ef4d92f6809087740a83d20570a), HB (0x86ddbfc6f2e3cf096e80ca79e46042392bd90aef), and reward proxy (0xcc9dadc6c290f9e12a9805a005aaf3c37f46fdb5) → extracted USDT from HB/USDT LP → repaid all loans → transferred profit to 0x2e358f7e323b9e615231873f17b099b833163f23. Tx: bscscan.com/tx/0x19671f5781a… Same recurring pattern: flash-loan-funded state manipulation enabling inflated reward claims. Projects using spot LP state for reward calculations remain sitting ducks. #DeFiSecurity #BSC #ExploitAlert — ExVul Security

🚨 Exploit Alert: TGAI/Computility reserve-manipulation on #BSC Attacker flash loaned ~2.4M USDT, deployed 25 CREATE2 helpers to buy TGAI, then abused `sync()` to push ~17.5K USDT into the LP pair before calling `swapTGToUSDT` — netting ~$11.94K profit. 🔍 bscscan.com/tx/0x6031c73c264… #DeFiSecurity #ExploitAlert #Web3Security