Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
I’m excited to share that @rata0x and I have been collaborating on the Coinbase data leak for the past few months, assisting U.S. Law Enforcement. Today, we informed the affected victims who worked with us that Coinbase will be compensating them.
If you were impacted, please reach out to us—we’ll help you submit your case to coinbase for full recovery. Huge thanks to Coinbase for taking steps to make their customers whole!
• https://x.com/officer_cia/status/1923065371315011688?s=46
#security
If you were impacted, please reach out to us—we’ll help you submit your case to coinbase for full recovery. Huge thanks to Coinbase for taking steps to make their customers whole!
• https://x.com/officer_cia/status/1923065371315011688?s=46
#security
X (formerly Twitter)
Vladimir S. | Officer's Notes (@officer_secret) on X
I’m excited to share that @rata0x and I have been collaborating on the Coinbase data leak for the past few months, assisting U.S. Law Enforcement. Today, we informed the affected victims who worked with us that Coinbase will be compensating them.
If you…
If you…
https://unphishable.io
- Train to spot Web3 phishing scams — safely, in your browser.
-30+ real attack simulations
-Testnet only. No real assets.
Source: https://x.com/slowmist_team/status/1939914194197135467?s=61
- Train to spot Web3 phishing scams — safely, in your browser.
-30+ real attack simulations
-Testnet only. No real assets.
Source: https://x.com/slowmist_team/status/1939914194197135467?s=61
🔥6
Forwarded from Investigations by ZachXBT
The recent ~$140M (R$ 800M) cyberattack on the Central Bank of Brazil services provider C&M Software is easily one of the most insane cases from this year.
Six financial institutions experienced unauthorized access to their reserve accounts on June 30, 2025.
Attackers converted fiat to BTC / ETH / USDT via Latam OTCs / exchanges. By my estimate at least $30-40M was converted to crypto.
Brazilian law enforcement has since shared the threat actor paid an employee at C&M only $2.76K (R$ 15K) for his corporate login and password.
I'll publish theft addresses related to the incident that I found when it's ok to share them as I have been helping freeze funds and attributing unlabeled OTCs.
Have not seen much coverage on the incident outside of Brazil.
Six financial institutions experienced unauthorized access to their reserve accounts on June 30, 2025.
Attackers converted fiat to BTC / ETH / USDT via Latam OTCs / exchanges. By my estimate at least $30-40M was converted to crypto.
Brazilian law enforcement has since shared the threat actor paid an employee at C&M only $2.76K (R$ 15K) for his corporate login and password.
I'll publish theft addresses related to the incident that I found when it's ok to share them as I have been helping freeze funds and attributing unlabeled OTCs.
Have not seen much coverage on the incident outside of Brazil.
❤3
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
An open, precise, and distributed approach to producing and consuming vulnerability information for open source ⬇️
• https://x.com/officer_cia/status/1949100969410679262
#security
• https://x.com/officer_cia/status/1949100969410679262
#security
Please open Telegram to view this post
VIEW IN TELEGRAM
X (formerly Twitter)
Vladimir S. | Officer's Notes (@officer_secret) on X
An open, precise, and distributed approach to producing and consuming vulnerability information for open source ⬇️
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
Fake extension for the cursorAI IDE code editor infected devices with remote access tools and info stealers, which led to the theft of $500,000 in cryptocurrency: https://x.com/officer_cia/status/1945181172729786643?s=46
#security
#security
X (formerly Twitter)
Vladimir S. | Officer's Notes (@officer_secret) on X
Researchers from @kaspersky Lab have shared the results of their investigation into an incident involving a blockchain developer who fell victim to a scam.
It turned out that a fake extension for the @cursor_ai IDE code editor infected devices with remote…
It turned out that a fake extension for the @cursor_ai IDE code editor infected devices with remote…
Daily Security
UniV4 Useful Stuff🙏✌️❤️ Bad Hook with Broken Access Control https://composable-security.com/blog/uniswap-v-4-bad-hook-with-broken-access-control/ Oracle Hook with Malicious Owner https://composable-security.com/blog/uniswap-v-4-oracle-hook-with-malicious…
Openzeppelin
Six Questions To Ask Before Writing a Uniswap v4 Hook
This guide outlines some key considerations when designing a hook to suit your specific needs.
❤2🔥1
Odin Fun Got Hacked Today
Some notes regarding the incident:
- Attackers deposited a worthless token along with BTC, manipulated the pool price ratio and eventually withdrew the BTC.
- Looks like the whitelisting wasn’t properly implemented. Moreover, it looks like Chinese hackers have been involved
Attached more information under the twit here🙃
Some notes regarding the incident:
- Attackers deposited a worthless token along with BTC, manipulated the pool price ratio and eventually withdrew the BTC.
- Looks like the whitelisting wasn’t properly implemented. Moreover, it looks like Chinese hackers have been involved
Attached more information under the twit here
Please open Telegram to view this post
VIEW IN TELEGRAM
🙉4
Forwarded from Apple Actively Exploited
Update with a fix for an actively exploited vuln(s):
iOS 18.6.2 and iPadOS 18.6.2
For:
iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Released:
20 Aug 2025
Security Document
iOS 18.6.2 and iPadOS 18.6.2
For:
iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Released:
20 Aug 2025
Security Document
Apple Support
About the security content of iOS 18.6.2 and iPadOS 18.6.2 - Apple Support
This document describes the security content of iOS 18.6.2 and iPadOS 18.6.2.
❤1
Forwarded from Apple Actively Exploited
Update with a fix for an actively exploited vuln(s):
iPadOS 17.7.10
For:
iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Released:
20 Aug 2025
Security Document
iPadOS 17.7.10
For:
iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Released:
20 Aug 2025
Security Document
Apple Support
About the security content of iPadOS 17.7.10 - Apple Support
This document describes the security content of iPadOS 17.7.10.
Forwarded from Apple Actively Exploited
Update with a fix for an actively exploited vuln(s):
macOS Sequoia 15.6.1
For:
macOS Sequoia
Released:
20 Aug 2025
Security Document
macOS Sequoia 15.6.1
For:
macOS Sequoia
Released:
20 Aug 2025
Security Document
Apple Support
About the security content of macOS Sequoia 15.6.1 - Apple Support
About the security content of macOS Sequoia 15.6.1.
Forwarded from Apple Actively Exploited
Update with a fix for an actively exploited vuln(s):
macOS Sonoma 14.7.8
For:
macOS Sonoma
Released:
20 Aug 2025
Security Document
macOS Sonoma 14.7.8
For:
macOS Sonoma
Released:
20 Aug 2025
Security Document
Apple Support
About the security content of macOS Sonoma 14.7.8 - Apple Support
About the security content of macOS Sonoma 14.7.8.