Daily Security – Telegram
Odin Fun Got Hacked Today
Some notes regarding the incident:

- Attackers deposited a worthless token along with BTC, manipulated the pool price ratio and eventually withdrew the BTC.
- Looks like the whitelisting wasn’t properly implemented. Moreover, it looks like Chinese hackers have been involved

More information is attached under the tweet here 🙃
Forwarded from Apple Actively Exploited
Update with a fix for an actively exploited vuln(s):
iOS 18.6.2 and iPadOS 18.6.2

For:
iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Released:
20 Aug 2025

Security Document
Forwarded from Apple Actively Exploited
Update with a fix for an actively exploited vuln(s):
iPadOS 17.7.10

For:
iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation

Released:
20 Aug 2025

Security Document
Forwarded from Apple Actively Exploited
Update with a fix for an actively exploited vuln(s):
macOS Sequoia 15.6.1

For:
macOS Sequoia

Released:
20 Aug 2025

Security Document
Forwarded from Apple Actively Exploited
Update with a fix for an actively exploited vuln(s):
macOS Sonoma 14.7.8

For:
macOS Sonoma

Released:
20 Aug 2025

Security Document
Forwarded from Apple Actively Exploited
Update with a fix for an actively exploited vuln(s):
macOS Ventura 13.7.8

For:
macOS Ventura

Released:
20 Aug 2025

Security Document
🚨 DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft

🚨 Until fixes are available, it's advised that users disable the auto-fill function in their password managers and only use copy/paste.

"For Chromium-based browser users, it is recommended to configure site access to 'on click' in extension settings," Tóth said. "This configuration allows users to manually control auto-fill functionality."

❗️ The Bitwarden team released a fix for the clickjacking issue in their recent patch

Source
Forwarded from Bernhard Mueller
So, the smart contract audit benchmarks tooling is completely finished, from dataset generation to reporting. The only thing that's missing is creating comprehensive baselines using the best available models. If anyone wants to sponsor this or has infinite API credits available lmk 🙂

https://github.com/muellerberndt/scabench
Forwarded from Investigations by ZachXBT
It appears the Solana project 'Aqua' has likely rug pulled 21.77K SOL ($4.65M) after being promoted by teams such as Meteora, Quill Audits, Helius, SYMMIO, Dialect, and many influencers.

A few hours ago the funds were split four ways and transferred between intermediary addresses before being sent to multiple instant exchanges.

The team has since turned off replies on X (Twitter) for all posts.

Presale address
4Ea23VxEGAgfbtauQZz11aKNtzHJwb84ppsg3Cz14u6q
Hopefully, it will be okay soon

Scandal around dYdX over $25M

- DEX dYdX has closed the bridge for migrating ethDYDX to its native network since June 13.
- According to influencers, 45k+ holders are "stuck" with tokens worth over $25 million.
- Now ethDYDX cannot be exchanged, deposited to CEX, or converted.

Source
Forwarded from Officer’s Articles
In Kazakhstan, the largest crypto exchange serving the drug trade has been shut down

The service was considered "respected" in the underground and cooperated with the 20 largest darknet marketplaces, whose total audience exceeded 5 million users. More than 200 drug trafficking sites from Kazakhstan, Russia, Ukraine and Moldova passed funds through it.

The total turnover of the "RAKS exchange" exceeded 224 million USD.

https://sozmedia.kz/94819/
Forwarded from AISecHub
State of MCP Server Security 2025: 5,200 Servers, Credential Risks - https://astrix.security/learn/blog/state-of-mcp-server-security-2025/

We analyzed over 5,200 unique, open-source MCP server implementations to understand how they manage credentials and what this means for the security of the growing AI agent ecosystem.

- 88% of MCP servers need credentials to function
- 53% rely on static API keys and Personal Access Tokens (PAT)
- Only 8.5% use modern OAuth authentication
- 79% store API keys in basic environment variables

#MCP #ModelContextProtocol #AIAgents #AgentSecurity #CredentialSecurity #SecretsManagement #OAuth #APIKeys #PATs #SecretRotation #LeastPrivilege #AstrixSecurity
Forwarded from Atoms Research
🚨 Balancer potentially exploited

$70.9M moved to a fresh wallet. Tokens moved:
- 6.85K $OSETH
- 6.59K $WETH
- 4.26K $wSTETH

Source