Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
An open, precise, and distributed approach to producing and consuming vulnerability information for open source ⬇️
• https://x.com/officer_cia/status/1949100969410679262
#security
X (formerly Twitter)
Vladimir S. | Officer's Notes (@officer_secret) on X
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
Fake extension for the cursorAI IDE code editor infected devices with remote access tools and info stealers, which led to the theft of $500,000 in cryptocurrency: https://x.com/officer_cia/status/1945181172729786643?s=46
#security
X (formerly Twitter)
Vladimir S. | Officer's Notes (@officer_secret) on X
Researchers from @kaspersky Lab have shared the results of their investigation into an incident involving a blockchain developer who fell victim to a scam.
It turned out that a fake extension for the @cursor_ai IDE code editor infected devices with remote…
Daily Security
UniV4 Useful Stuff🙏✌️❤️ Bad Hook with Broken Access Control https://composable-security.com/blog/uniswap-v-4-bad-hook-with-broken-access-control/ Oracle Hook with Malicious Owner https://composable-security.com/blog/uniswap-v-4-oracle-hook-with-malicious…
Openzeppelin
Six Questions To Ask Before Writing a Uniswap v4 Hook
This guide outlines some key considerations when designing a hook to suit your specific needs.
Odin Fun Got Hacked Today
Some notes regarding the incident:
- Attackers deposited a worthless token along with BTC, manipulated the pool price ratio and eventually withdrew the BTC.
- Looks like the whitelisting wasn’t properly implemented. Moreover, it looks like Chinese hackers have been involved.
Attached more information under the tweet here 🙃
Forwarded from Apple Actively Exploited
Update with a fix for an actively exploited vuln(s):
iOS 18.6.2 and iPadOS 18.6.2
For:
iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Released:
20 Aug 2025
Security Document
Apple Support
About the security content of iOS 18.6.2 and iPadOS 18.6.2 - Apple Support
This document describes the security content of iOS 18.6.2 and iPadOS 18.6.2.
Forwarded from Apple Actively Exploited
Update with a fix for an actively exploited vuln(s):
iPadOS 17.7.10
For:
iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Released:
20 Aug 2025
Security Document
Apple Support
About the security content of iPadOS 17.7.10 - Apple Support
This document describes the security content of iPadOS 17.7.10.
Forwarded from Apple Actively Exploited
Update with a fix for an actively exploited vuln(s):
macOS Sequoia 15.6.1
For:
macOS Sequoia
Released:
20 Aug 2025
Security Document
Apple Support
About the security content of macOS Sequoia 15.6.1 - Apple Support
About the security content of macOS Sequoia 15.6.1.
Forwarded from Apple Actively Exploited
Update with a fix for an actively exploited vuln(s):
macOS Sonoma 14.7.8
For:
macOS Sonoma
Released:
20 Aug 2025
Security Document
Apple Support
About the security content of macOS Sonoma 14.7.8 - Apple Support
About the security content of macOS Sonoma 14.7.8.
Forwarded from Apple Actively Exploited
Update with a fix for an actively exploited vuln(s):
macOS Ventura 13.7.8
For:
macOS Ventura
Released:
20 Aug 2025
Security Document
Apple Support
About the security content of macOS Ventura 13.7.8 - Apple Support
About the security content of macOS Ventura 13.7.8.
"For Chromium-based browser users, it is recommended to configure site access to 'on click' in extension settings," Tóth said. "This configuration allows users to manually control auto-fill functionality."
Source
Forwarded from Bernhard Mueller
So, the smart contract audit benchmarks tooling is completely finished, from dataset generation to reporting. The only thing that's missing is creating comprehensive baselines using the best available models. If anyone wants to sponsor this or has infinite API credits available lmk 🙂
https://github.com/muellerberndt/scabench
GitHub
GitHub - scabench-org/scabench: A framework for evaluating AI audit agents using recent real-world data
A framework for evaluating AI audit agents using recent real-world data - scabench-org/scabench
Forwarded from Investigations by ZachXBT
It appears the Solana project 'Aqua' has likely rug pulled 21.77K SOL ($4.65M) after being promoted by teams such as Meteora, Quill Audits, Helius, SYMMIO, Dialect, and many influencers.
A few hours ago the funds were split four ways and transferred between intermediary addresses before being sent to multiple instant exchanges.
The team has since turned off replies on X (Twitter) for all posts.
Presale address
4Ea23VxEGAgfbtauQZz11aKNtzHJwb84ppsg3Cz14u6q
Hopefully, it will be okay soon
Scandal around dYdX over $25M
- DEX dYdX closed the bridge for ethDYDX migration — the native network since June 13.
- According to influencers, 45k+ holders are "stuck" with tokens worth over $25 million.
- Now ethDYDX cannot be exchanged, deposited to CEX, or converted.
Source
www.dydx.foundation
Discontinuation of Support for the ethDYDX Bridge | dYdX Foundation
The dYdX Community has officially ceased support for the ethDYDX Bridge as of June 13, 2025. Learn what this means for unbridged tokens, their impact on DYDX supply, and key token statistics following the closure.
Forwarded from Officer’s Articles
How Cross-Chain Bridges are Hacked?
Link: https://officercia.mirror.xyz/IvG5yxJrLviq0bT9CXMx8lQ-ZGOBomYbeizMEzp6n40
Two malicious crates have been identified on crates.io
https://blog.rust-lang.org/2025/09/24/crates.io-malicious-crates-fasterlog-and-asyncprintln/
blog.rust-lang.org
crates.io: Malicious crates faster_log and async_println | Rust Blog
Empowering everyone to build reliable and efficient software.