Field notes from CredShields

Security research,
decoded.

Practical AppSec, pentesting, compliance, and engineering notes from the team securing modern applications.

Recently Posted

June 5, 2026

CVE-2026-10753: A Broken Access Control Flaw CredShields Found in Google’s Site Kit

An editor level user with dashboard sharing access could change a sitewide setting through a REST API endpoint that should have been...

Read article →

April 28, 2026

What Makes Daml Different: A Security Perspective

If you work in web3 security, your mental model of smart contract risk was almost certainly built on Solidity. Reentrancy. Integer overflow....

Read article →

April 19, 2026

Incident Report: Kelp DAO rsETH Bridge Exploit

Incident: Kelp DAO rsETH bridge, April 18 2026, 17:35 UTC An attacker pulled 116,500 rsETH roughly $292M, about 18% of the ~630,000-token...

Read article →

April 17, 2026

5 Common Daml Authorization Mistakes

Daml’s authorization model is genuinely one of the better things about it. Solidity makes you bolt onaccess control by hand. Daml pushes...

Read article →

April 15, 2026

CredShields Joins the Canton Network as an Official Audit Partner

CredShields has officially joined the Canton Network as an Audit Partner, bringing smart contract security, AI-powered risk detection, and continuous monitoring to...

Read article →

CredShields Blog

Latest articles

February 25, 2026 Announcements

CredShields Completes SOC 2 Type II Audit: What It Means for Our Customers and Partners

CredShields has completed an independent SOC 2® Type II audit, conducted by KEN & CO. CPA, LLC. The...

Read article →

February 19, 2026 Guides & Education

Agentic Systems Are Now a Security Boundary

AI agents must be treated as production infrastructure. Gone are the times when security perimeters used to be...

Read article →

February 13, 2026 Guides & Education

The OWASP Smart Contract Top 10 (2026): A Production-Focused Security Implementation Guide

Smart contracts do not fail randomly. They fail in patterns. Over the last several years, blockchain systems have...

Read article →

January 29, 2026 Guides & Education

Security Certifications Required for DeFi Protocol Launches

Launching a Decentralized Finance (DeFi) protocol in 2026 demands more than innovative technology; it requires a robust security...

Read article →

January 18, 2026 Thought Leadership & Trends

2025: Why Audits Failed and Control Planes Collapsed

2025 was not defined by new vulnerabilities. It was defined by where losses actually occurred. Despite years of...

Read article →

January 9, 2026 Security Deep Dives

Ledger Data Leak: How the Global-e Hack Exposed User Data

In early 2025, Ledger confirmed a customer data leak linked not to its hardware wallets or core infrastructure,...

Read article →

January 5, 2026 News & Updates

Trust Wallet Breach: How a Browser Extension Became the Attack Surface

The Trust Wallet breach has sent ripples through the cryptocurrency community. This incident underscores the vulnerabilities inherent in...

Read article →

December 30, 2025 Security Deep Dives

Deep Dive: MongoDB Vulnerability (CVE-2025-14847)

Few days ago a serious security vulnerability was disclosed in MongoDB Server, tracked as CVE-2025-14847 and informally referred...

Read article →

December 2, 2025 Security Deep Dives

Uniswap V4: A Deep Dive into the Next Generation AMM (Part 1)

Introduction Uniswap V4 represents a fundamental reimagining of automated market maker (AMM) architecture. Built on the foundation of...

Read article →

November 24, 2025 Hack Analysis

Aerodrome/Velodrome Front-End Breach: Understanding the Web2 Attack Surface in Web3 Protocols

On November 22, 2025, Aerodrome (the leading DEX on Base) and Velodrome (the leading DEX on Optimism) suffered...

Read article →

Security research,decoded.

Latest articles

Security research,
decoded.