Security Research Lab
You Can Trust

Expert security audits and incident analysis from a team of industrial researchers specializing in Software Systems, Cloud Servers, Blockchain Protocols, Cryptography, and Digital Asset Protection.

ISO 27001 Readiness Assessments

EU-Based Security Compliance Services

Specialized readiness assessments for European organizations seeking ISO 27001 certification. We evaluate your information security management systems, identify compliance gaps, and provide actionable recommendations to achieve certification faster. Our assessments cover all 114 controls across 14 domains, including risk assessment, access control, cryptography, and incident management.

Gap Analysis

Comprehensive evaluation of current security posture against ISO 27001 requirements with detailed remediation roadmap.

Control Assessment

Systematic review of all 114 security controls with evidence collection and documentation support.

Implementation Support

Practical guidance on implementing missing controls and building compliant security management systems.

Recent Security Incidents

March 13, 2026

Aave Security Incident

Aave - Rekt, Friday, March 13, 2026. Aave - Liquidation - Configuration Error. $27.78 million (10,938 wstETH) in healthy positions liquidated: not by a hacker, not by a market crash, but by Aave's own anti-manipulation system, misfiring on the people it was built to protect.

March 11, 2026

Microsoft Patch Tuesday, March 2026 Edition

Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing "zero-day" flaws this month (compared to February's five zero-day treat), but as usual some patches may deserve more rapid attention from organizations using Windows. Here are a few highlights from this month's Patch Tuesday.

March 11, 2026

Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub outside of the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at Stryker's main U.S. headquarters says the company is currently experiencing a building emergency.

March 10, 2026

Solv Security Incident

DeFi / Crypto - $2.73 million drained from Solv's BRO vault, a callback fired before the books balanced, minting the same deposit twice across 22 loops and turning 135 BRO into 567 million, all inside a single transaction. An unaudited contract with no bug bounty coverage, losses covered by the team, attacker exited to Tornado Cash.

March 8, 2026

Yieldblox Security Incident

Yieldblox - Rekt, Friday, February 27, 2026. Yieldblox - Blend V2 - Oracle Manipulation. $10.97 million gone from YieldBlox's community-managed pool on Blend V2, and all it took was one trade in the USTRY/USDC market with less than $1 in hourly volume. No novel bug, no smart-contract sorcery, just liquidity vaporized the old-fashioned way.

March 8, 2026

Iotex Security Incident

IoTeX - Rekt, Wednesday, February 25, 2026. IoTeX - Private Key Leak - Rekt. One compromised private key. One Saturday morning. One bridge that handed over the keys to everything it was supposed to protect. On February 21, 2026, an attacker quietly obtained the owner key to IoTeX's ioTube bridge validator contract, and with it, administrative control over every asset the bridge was holding.

March 8, 2026

Moonwell Security Incident

Moonwell - Rekt, Friday, February 20, 2026. Moonwell - Vibe Coding - Rekt. One math error. Four minutes of chaos. $1.78 million gone. A single missing multiplication, cbETH/ETH without the ETH/USD, turned a $2,200 asset into a $1.12 one, and liquidation bots didn't wait for a second opinion. They never do.

March 8, 2026

Step Finance Security Incident

DeFi / Crypto - Audited contracts, bug bounties, and security reviews. None of it mattered when an executive's inbox at Step Finance became the attack vector. $27.3 million in SOL unstaked and gone. The smart contracts worked flawlessly. The humans didn't.

March 8, 2026

Saga Security Incident

Saga - Rekt, Monday, January 26, 2026. Saga - Validation Failure - IBC. Saga's Inter-Blockchain Communication protocol lived up to its name: it communicated whatever the attacker wanted it to. On January 21st, someone taught SagaEVM's bridge a new language: fiction.

March 8, 2026

How AI Assistants are Moving the Security Goalposts

AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any task -- are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assertive new tools are rapidly shifting the security priorities for organizations, while blurring the lines between data and code, trusted co-worker and insider threat, ninja hacker and novice code jockey.

Security Research

Actions Semiconductor — USB VID 10D6

CVE Pending: Unsigned Firmware Update in Actions Semiconductor Platform

Medium | Public
February 24, 2026

The firmware update tool (RdiskUpgrade.exe / Production.dll) for all devices using Actions Semiconductor VID 10D6 performs zero cryptographic verification before flashing firmware over USB. An attacker with physical access can permanently compromise any affected device. Covers 12 USB Product IDs across multiple consumer brands. CVE submitted to MITRE — pending assignment.

CVE submission filed — MITRE review in progress

Shotcut / MLT Framework

CVE-2025-65834: Buffer Overflow in Shotcut 25.10.31

Medium | Public
December 14, 2025

Buffer overflow in Shotcut video editor's MLT Framework image processing pipeline. An attacker can trigger out-of-bounds memory access via a crafted media file. CVE assigned by MITRE.

CVE-2025-65834 — assigned by MITRE

Our Services

Smart Contract Audits

Comprehensive security analysis of blockchain smart contracts, covering re-entrancy, access control, logic errors, and economic vulnerabilities.

DeFi Security Reviews

Specialized audits for DeFi protocols including oracle manipulation, flash loan attacks, AMM vulnerabilities, and token economics.

Web Application Security

OWASP Top 10 assessments, API security testing, authentication bypass, injection attacks, and XSS vulnerabilities.

Cloud Security Audits

AWS, Azure, and GCP security assessments covering IAM, network security, data protection, and compliance.

Penetration Testing

Black-box and white-box penetration testing for web applications, APIs, and infrastructure.

Incident Analysis

Post-breach forensics, root cause analysis, and remediation guidance based on real-world attack patterns.

Security Subscription Plans

🔒 Professional Security Monitoring & Expert Reviews

Choose from three comprehensive security plans designed for all technology stacks - from automated protection to dedicated security teams. Plans start at $199/month with 15% savings on annual billing.


Not ready for a subscription? We offer one-time security audits starting at €2,500 for smart contracts and €3,500 for full-stack applications.

Request Custom Quote

Request a Security Audit

Do you need a professional cyber security service?

Get in Touch

audit@bytescan.net

We typically respond within 24 hours with a custom quote based on your project scope and requirements.

Frequently Asked Questions

What types of smart contracts do you audit?

We audit all types of smart contracts including DeFi protocols (DEXs, lending platforms, yield farms), NFT marketplaces, DAOs, bridges, staking contracts, and more. We work with Solidity (Ethereum), Rust (Solana), and other blockchain languages.

How long does a typical audit take?

A standard smart contract audit takes 1-2 weeks depending on complexity. Small contracts (< 500 lines) can be completed in 3-5 days, while large DeFi protocols may require 3-4 weeks for comprehensive analysis.

What's included in a security audit?

Our audits include: manual code review, automated vulnerability scanning, logic verification, economic security analysis, gas optimization recommendations, a detailed findings report with severity ratings, and remediation guidance. We test for common vulnerabilities like re-entrancy, access control issues, oracle manipulation, and more.

Do you offer bug bounty management?

Yes, our Enterprise plan includes bug bounty program setup and management. We help structure reward tiers, triage submissions, and coordinate with whitehats. We can also integrate with platforms like Immunefi and Code4rena.

What's your responsible disclosure policy?

We follow industry-standard responsible disclosure: a 90-day private disclosure period, coordinated public disclosure with the project team, and proper CVE assignment when applicable. We never publicly disclose vulnerabilities without vendor coordination.

Can you help with incident response?

Yes, we provide emergency incident response for active exploits. Our Professional and Enterprise plans include incident response consultation. For non-subscribers, we offer emergency retainer agreements with 24/7 availability.

Contact Us

Have questions about our services or need a custom security solution? We're here to help.

Email Us

📧 audit@bytescan.net

For general inquiries, partnership opportunities, or media requests, please reach out via email. We respond to all messages within 24 hours.