https://unphishable.io
- Train to spot Web3 phishing scams — safely, in your browser.
-30+ real attack simulations
-Testnet only. No real assets.
Source: https://x.com/slowmist_team/status/1939914194197135467?s=61
- Train to spot Web3 phishing scams — safely, in your browser.
-30+ real attack simulations
-Testnet only. No real assets.
Source: https://x.com/slowmist_team/status/1939914194197135467?s=61
🔥6
Forwarded from Investigations by ZachXBT
The recent ~$140M (R$ 800M) cyberattack on the Central Bank of Brazil services provider C&M Software is easily one of the most insane cases from this year.
Six financial institutions experienced unauthorized access to their reserve accounts on June 30, 2025.
Attackers converted fiat to BTC / ETH / USDT via Latam OTCs / exchanges. By my estimate at least $30-40M was converted to crypto.
Brazilian law enforcement has since shared the threat actor paid an employee at C&M only $2.76K (R$ 15K) for his corporate login and password.
I'll publish theft addresses related to the incident that I found when it's ok to share them as I have been helping freeze funds and attributing unlabeled OTCs.
Have not seen much coverage on the incident outside of Brazil.
Six financial institutions experienced unauthorized access to their reserve accounts on June 30, 2025.
Attackers converted fiat to BTC / ETH / USDT via Latam OTCs / exchanges. By my estimate at least $30-40M was converted to crypto.
Brazilian law enforcement has since shared the threat actor paid an employee at C&M only $2.76K (R$ 15K) for his corporate login and password.
I'll publish theft addresses related to the incident that I found when it's ok to share them as I have been helping freeze funds and attributing unlabeled OTCs.
Have not seen much coverage on the incident outside of Brazil.
❤3
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
An open, precise, and distributed approach to producing and consuming vulnerability information for open source ⬇️
• https://x.com/officer_cia/status/1949100969410679262
#security
• https://x.com/officer_cia/status/1949100969410679262
#security
Please open Telegram to view this post
VIEW IN TELEGRAM
X (formerly Twitter)
Vladimir S. | Officer's Notes (@officer_secret) on X
An open, precise, and distributed approach to producing and consuming vulnerability information for open source ⬇️
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
Fake extension for the cursorAI IDE code editor infected devices with remote access tools and info stealers, which led to the theft of $500,000 in cryptocurrency: https://x.com/officer_cia/status/1945181172729786643?s=46
#security
#security
X (formerly Twitter)
Vladimir S. | Officer's Notes (@officer_secret) on X
Researchers from @kaspersky Lab have shared the results of their investigation into an incident involving a blockchain developer who fell victim to a scam.
It turned out that a fake extension for the @cursor_ai IDE code editor infected devices with remote…
It turned out that a fake extension for the @cursor_ai IDE code editor infected devices with remote…
Daily Security
UniV4 Useful Stuff🙏✌️❤️ Bad Hook with Broken Access Control https://composable-security.com/blog/uniswap-v-4-bad-hook-with-broken-access-control/ Oracle Hook with Malicious Owner https://composable-security.com/blog/uniswap-v-4-oracle-hook-with-malicious…
Openzeppelin
Six Questions To Ask Before Writing a Uniswap v4 Hook
This guide outlines some key considerations when designing a hook to suit your specific needs.
❤2🔥1
Odin Fun Got Hacked Today
Some notes regarding the incident:
- Attackers deposited a worthless token along with BTC, manipulated the pool price ratio and eventually withdrew the BTC.
- Looks like the whitelisting wasn’t properly implemented. Moreover, it looks like Chinese hackers have been involved
Attached more information under the twit here🙃
Some notes regarding the incident:
- Attackers deposited a worthless token along with BTC, manipulated the pool price ratio and eventually withdrew the BTC.
- Looks like the whitelisting wasn’t properly implemented. Moreover, it looks like Chinese hackers have been involved
Attached more information under the twit here
Please open Telegram to view this post
VIEW IN TELEGRAM
🙉4
Forwarded from Apple Actively Exploited
Update with a fix for an actively exploited vuln(s):
iOS 18.6.2 and iPadOS 18.6.2
For:
iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Released:
20 Aug 2025
Security Document
iOS 18.6.2 and iPadOS 18.6.2
For:
iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Released:
20 Aug 2025
Security Document
Apple Support
About the security content of iOS 18.6.2 and iPadOS 18.6.2 - Apple Support
This document describes the security content of iOS 18.6.2 and iPadOS 18.6.2.
❤1
Forwarded from Apple Actively Exploited
Update with a fix for an actively exploited vuln(s):
iPadOS 17.7.10
For:
iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Released:
20 Aug 2025
Security Document
iPadOS 17.7.10
For:
iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Released:
20 Aug 2025
Security Document
Apple Support
About the security content of iPadOS 17.7.10 - Apple Support
This document describes the security content of iPadOS 17.7.10.
Forwarded from Apple Actively Exploited
Update with a fix for an actively exploited vuln(s):
macOS Sequoia 15.6.1
For:
macOS Sequoia
Released:
20 Aug 2025
Security Document
macOS Sequoia 15.6.1
For:
macOS Sequoia
Released:
20 Aug 2025
Security Document
Apple Support
About the security content of macOS Sequoia 15.6.1 - Apple Support
About the security content of macOS Sequoia 15.6.1.
Forwarded from Apple Actively Exploited
Update with a fix for an actively exploited vuln(s):
macOS Sonoma 14.7.8
For:
macOS Sonoma
Released:
20 Aug 2025
Security Document
macOS Sonoma 14.7.8
For:
macOS Sonoma
Released:
20 Aug 2025
Security Document
Apple Support
About the security content of macOS Sonoma 14.7.8 - Apple Support
About the security content of macOS Sonoma 14.7.8.
Forwarded from Apple Actively Exploited
Update with a fix for an actively exploited vuln(s):
macOS Ventura 13.7.8
For:
macOS Ventura
Released:
20 Aug 2025
Security Document
macOS Ventura 13.7.8
For:
macOS Ventura
Released:
20 Aug 2025
Security Document
Apple Support
About the security content of macOS Ventura 13.7.8 - Apple Support
About the security content of macOS Ventura 13.7.8.
"For Chromium-based browser users, it is recommended to configure site access to 'on click' in extension settings," Tóth said. "This configuration allows users to manually control auto-fill functionality."
Source
Please open Telegram to view this post
VIEW IN TELEGRAM