I reverse engineered Qualcomm's NPU compiler to find undocumented behaviour that affects every edge AI deployment.
Things nobody knew:
1. The compiler silently downgrades the precision of your model weights without telling you
2. Memory placement uses HiGHS which is an LP solver (not heuristics)
3. The same model on two different chips with identical reported VTCM can have 33x difference in DDR traffic
4. There's an undocumented internal simulator called Hextimate pricing ops without the hardware
Every NPU vendor be it Qualcomm, MediaTek or Apple NEVER tells you how to make the most use of their hardware.
I was very close to rage quitting before I finally lost all hope and thought of reverse engineering to understand how NPUs are handled.
Read the full write-up below:
Earlier today, a user attempted to buy AAVE using $50M USDT through the Aave interface.
Given the unusually large size of the single order, the Aave interface, like most trading interfaces, warned the user about extraordinary slippage and required confirmation via a checkbox. The user confirmed the warning on their mobile device and proceeded with the swap, accepting the high slippage, which ultimately resulted in receiving only 324 AAVE in return.
The transaction could not be moved forward without the user explicitly accepting the risk through the confirmation checkbox.
The CoW Swap routers functioned as intended, and the integration followed standard industry practices. However, while the user was able to proceed with the swap, the final outcome was clearly far from optimal.
Events like this do occur in DeFi, but the scale of this transaction was significantly larger than what is typically seen in the space.
We sympathize with the user and will try to make contact with the user, and we will return $600K in fees collected from the transaction.
The key takeaway is that while DeFi should remain open and permissionless, allowing users to perform transactions freely, there are additional guardrails the industry can build to better protect users. Our team will be investigating ways to improve these safeguards going forward.
We recently achieved guest-to-host escape by exploiting a QEMU 0day.
We’ll share details on a new technique leveraging the latest glibc allocator behavior and what we believe is a novel QEMU-specific heap spray/RIP-control primitive.
Writeup coming next week.
Someone has already built an Android agent using Qwen3.5-27B + DGX Spark, distributing tasks via a web UI so the model can read the screen, make decisions, and click automatically, resulting in a 4x inference speedup. 🤯
Ok, finally replaced retdec with Ghidra Decompiler in LLDB. Now, it decompiles any function from a live process - binaries, dylibs, system frameworks, straight from memory with syntax highlighting...
https://t.co/zCV58ONeUw
⚠️Telegram 1-click vulnerability
A single click can reveal your real IP address — even if you use a proxy.
Affects both Android and iOS Telegram clients. 👇
Pangu Lab reports a successful privilege escalation on iOS 26.1, extending data extraction support for apps like Telegram across iOS 17.0–26.1. This highlights persistent security challenges in the latest iOS releases. Source (Chinese): https://t.co/hLhztoDIn3
Cracking the Pixel 8: Exploiting the Undocumented DSP to Bypass MTE (slides)
https://t.co/OB4n41k6mW
Credits @Peterpan980927 and @st424204 #cybersecurity
Ethereum should be cautious about relying on software controlled by a venture fund that is simultaneously developing competing infrastructure. Ethereum should be cautious about adopting Reth.
Concentrating a core client in the hands of a single investor-backed entity exposes the protocol to that actor’s strategic priorities, including portfolio pressures, shifting roadmaps and the inevitable conflicts that arise when commercial interests overlap with protocol governance.
This is why Lambda decided a year ago to develop @ethrex_client rather than adopt Reth in our products. A system that aspires to function as a global financial backend needs to be built on engineering cultures that emphasize neutrality, long-term reliability and transparent decision-making. Ethereum’s resilience has historically come from a diverse set of clients developed by teams whose incentives align with the health of the network rather than short-term mercenary objectives.
Our engineering concerns reinforce this view. Reth’s codebase adopts a Java-like style and incorporates AI-generated components, a combination that reduces clarity and introduces fragility. Protocol-critical software must favour minimalism, maintainability and correctness.
Intellexa Predator cyber tool (spyware hacking user devices) operates across multiple countries, recent targets identified in Pakistan, Kazakhstan, Angola, Egypt, Uzbekistan, Saudi Arabia, and Tajikistan. Among the users are at least 25 countries including Germany, Austria, Switzerland, Qatar, Congo. Once a device is hacked and infected, Predator provides complete access to encrypted messaging apps like Signal and WhatsApp, email, photos, location data. It can remotely activate cameras and microphones. The system had at least 15 zero-day exploits in use since 2021.
A very interesting revelation indicates Intellexa's operational access to client systems. Training videos show company staff remotely connecting to live government systems, observing real-time infection attempts, viewing logs of targets, and accessing backend interfaces normally reserved for government operators. The company uses an infection method called Aladdin that can silently infect phones through malicious digital advertisements without any user interaction, exploiting the global online advertising ecosystem. The system uses public IP addresses to target specific devices, instructing ad platforms to deliver exploit code disguised as normal advertisements on legitimate websites and apps.
Intellexa has adapted its infrastructure to evade detection, hiding behind services like Cloudflare and establishing front companies in Dubai's free trade zones to handle logistics and facilitate the advertising-based infection operations.
https://t.co/fyhGiWXwyA https://t.co/YPTQtTOi8n https://t.co/xHhXw5DDVR https://t.co/EIcWk5P3Wf
Added a kernel driver to read arbitrary process memory (including Protected Process).
Also implemented functionality to query memory mapping information.
https://t.co/261HKGF5JZ