https://miscreants.github.io/blog.trailofbits.com/categories/attacks/Recent content in attacks on The Trail of Bits BlogHugoen-usTue, 13 Jan 2026 00:00:00 -0500https://miscreants.github.io/blog.trailofbits.com/2026/01/13/lack-of-isolation-in-agentic-browsers-resurfaces-old-vulnerabilities/Tue, 13 Jan 2026 07:00:00 -0500https://miscreants.github.io/blog.trailofbits.com/2026/01/13/lack-of-isolation-in-agentic-browsers-resurfaces-old-vulnerabilities/We exploited a lack of isolation mechanisms in multiple agentic browsers to perform attacks ranging from the dissemination of false information to cross-site data leaks. These attacks resurface decades-old patterns of vulnerabilities that the web security community spent years building effective defenses against.https://miscreants.github.io/blog.trailofbits.com/2025/11/07/balancer-hack-analysis-and-guidance-for-the-defi-ecosystem/Fri, 07 Nov 2025 18:00:00 -0500https://miscreants.github.io/blog.trailofbits.com/2025/11/07/balancer-hack-analysis-and-guidance-for-the-defi-ecosystem/A retrospective on the $100M Balancer hack that occurred in November 2025, including long-term, strategic guidance on how to avoid similar bugs.https://miscreants.github.io/blog.trailofbits.com/2025/09/24/supply-chain-attacks-are-exploiting-our-assumptions/Wed, 24 Sep 2025 07:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/09/24/supply-chain-attacks-are-exploiting-our-assumptions/Supply chain attacks exploit fundamental trust assumptions in modern software development, from typosquatting to compromised build pipelines, while new defensive tools are emerging to make these trust relationships explicit and verifiable.https://miscreants.github.io/blog.trailofbits.com/2025/04/17/mitigating-elusive-comet-zoom-remote-control-attacks/Thu, 17 Apr 2025 00:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/04/17/mitigating-elusive-comet-zoom-remote-control-attacks/This post describes a sophisticated social engineering campaign using Zoom’s remote control feature and provides technical solutions to protect organizations against this attack vector.https://miscreants.github.io/blog.trailofbits.com/2023/12/18/a-trail-of-flipping-bits/Mon, 18 Dec 2023 08:30:16 -0500https://miscreants.github.io/blog.trailofbits.com/2023/12/18/a-trail-of-flipping-bits/Trusted execution environments (TEE) such as secure enclaves are becoming more popular to secure assets in the cloud. Their promise is enticing because when enclaves are properly used, even the operator of the enclave or the cloud service should not be able to access those assets. However, this leads to […]https://miscreants.github.io/blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/Mon, 18 Sep 2023 08:00:42 -0400https://miscreants.github.io/blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/We identified 10 security vulnerabilities within the caddy-security plugin for the Caddy web server that could enable a variety of high-severity attacks in web applications, including client-side code execution, OAuth replay attacks, and unauthorized access to resources. During our evaluation, Caddy was deployed as a reverse proxy […]https://miscreants.github.io/blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/Thu, 16 Feb 2023 08:00:00 -0500https://miscreants.github.io/blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/I discovered a logic bug in the readline dependency that partially reveals file information when parsing the file specified in the INPUTRC environment variable. This could allow attackers to move laterally on a box where sshd is running, a given user is able to login, and the user’s private key […]https://miscreants.github.io/blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/Tue, 25 Oct 2022 07:30:10 -0400https://miscreants.github.io/blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/Trail of Bits is publicly disclosing CVE-2022-35737, which affects applications that use the SQLite library API. CVE-2022-35737 was introduced in SQLite version 1.0.12 (released on October 17, 2000) and fixed in release 3.39.2 (released on July 21, 2022). CVE-2022-35737 is exploitable on 64-bit systems, and exploitability depends on how the program is […]https://miscreants.github.io/blog.trailofbits.com/2022/03/25/towards-practical-security-optimizations-for-binaries/Fri, 25 Mar 2022 08:58:54 -0400https://miscreants.github.io/blog.trailofbits.com/2022/03/25/towards-practical-security-optimizations-for-binaries/To be thus is nothing, but to be safely thus. (Macbeth: 3.1) It’s not enough that compilers generate efficient code, they must also generate safe code. Despite the extensive testing and correctness certification that goes into developing compilers and their optimization passes, they may inadvertently introduce information leaks […]https://miscreants.github.io/blog.trailofbits.com/2021/12/16/detecting-miso-and-opyns-msg-value-reuse-vulnerability-with-slither/Thu, 16 Dec 2021 13:00:49 -0500https://miscreants.github.io/blog.trailofbits.com/2021/12/16/detecting-miso-and-opyns-msg-value-reuse-vulnerability-with-slither/On August 18, 2021, samczsun reported a critical vulnerability in SushiSwap’s MISO smart contracts, which put ~350 million USD (109 thousand ETH) at risk. This issue is similar to an attack that was conducted on the Opyn codebase in August of 2020. At the time of the report, I was finishing my […]https://miscreants.github.io/blog.trailofbits.com/2019/05/31/using-osquery-for-remote-forensics/Fri, 31 May 2019 11:59:48 -0400https://miscreants.github.io/blog.trailofbits.com/2019/05/31/using-osquery-for-remote-forensics/System administrators use osquery for endpoint telemetry and daily monitoring. Security threat hunters use it to find indicators of compromise on their systems. Now another audience is discovering osquery: forensic analysts. While osquery core is great for querying various system-level data remotely, forensics extensions will give it the ability to inspect to deeper-level data structures […]https://miscreants.github.io/blog.trailofbits.com/2018/09/05/contract-upgrade-anti-patterns/Wed, 05 Sep 2018 06:00:21 -0400https://miscreants.github.io/blog.trailofbits.com/2018/09/05/contract-upgrade-anti-patterns/A popular trend in smart contract design is to promote the development of upgradable contracts. At Trail of Bits, we have reviewed many upgradable contracts and believe that this trend is going in the wrong direction. Existing techniques to upgrade contracts have flaws, increase the complexity of the contract significantly, and ultimately introduce bugs. To […]https://miscreants.github.io/blog.trailofbits.com/2018/08/01/bluetooth-invalid-curve-points/Wed, 01 Aug 2018 07:05:38 -0400https://miscreants.github.io/blog.trailofbits.com/2018/08/01/bluetooth-invalid-curve-points/A serious bluetooth bug has received quite a bit of attention lately. It’s a great find by Biham and Newman. Given BLE’s popularity in the patch-averse IoT world, the bug has serious implications. And yet, it’s remarkably clean and simple. Unlike many elliptic curve bugs, an average human can totally understand the bug and how […]https://miscreants.github.io/blog.trailofbits.com/2016/05/05/the-dbirs-forest-of-exploit-signatures/Thu, 05 May 2016 16:56:12 -0400https://miscreants.github.io/blog.trailofbits.com/2016/05/05/the-dbirs-forest-of-exploit-signatures/If you follow the recommendations in the 2016 Verizon Data Breach Investigations Report (DBIR), you will expose your organization to more risk, not less. The report’s most glaring flaw is the assertion that the TLS FREAK vulnerability is among the ‘Top 10’ most exploited on the Internet. No experienced security practitioner believes that FREAK is […]https://miscreants.github.io/blog.trailofbits.com/2013/05/20/writing-exploits-with-the-elderwood-kit-part-2/Mon, 20 May 2013 11:34:05 -0400https://miscreants.github.io/blog.trailofbits.com/2013/05/20/writing-exploits-with-the-elderwood-kit-part-2/In the final part of our three-part series, we investigate the how the toolkit user gained control of program flow and what their strategy means for the reliability of their exploit. Elderwood and the Department of Labor Hack Writing Exploits with the Elderwood Kit (Part 1) Writing Exploits with the Elderwood Kit (Part 2) Last time, […]https://miscreants.github.io/blog.trailofbits.com/2013/05/14/writing-exploits-with-the-elderwood-kit-part-1/Tue, 14 May 2013 12:00:57 -0400https://miscreants.github.io/blog.trailofbits.com/2013/05/14/writing-exploits-with-the-elderwood-kit-part-1/In the second part of our three-part series, we investigate the tools provided by the Elderwood kit for developing exploits from discovered vulnerabilities. Elderwood and the Department of Labor Hack Writing Exploits with the Elderwood Kit (Part 1) Writing Exploits with the Elderwood Kit (Part 2) Several mitigations must be avoided or bypassed in order […]https://miscreants.github.io/blog.trailofbits.com/2013/05/13/elderwood-and-the-department-of-labor-hack/Mon, 13 May 2013 12:00:10 -0400https://miscreants.github.io/blog.trailofbits.com/2013/05/13/elderwood-and-the-department-of-labor-hack/Recently, the Department of Labor (DoL) and several other websites were compromised to host a new zero-day exploit in Internet Explorer 8 (CVE-2013-1347). Researchers noted similarities between this attack and earlier ones attributed to Elderwood, a distinct set of tools used to develop several past strategic website compromises. We have not, however, identified any evidence […]