π Bitcoin Core Addresses High-Severity Memory DoS Vulnerability
#Bitcoin #BitcoinCore #DoS #vulnerability #cybersecurity #blockchain #cryptocurrency #securityupdate #BTC
According to Foresight News, the Bitcoin Core project has disclosed a significant security vulnerability in the Bitcoin network caused by spam headers leading to a memory Denial of Service (DoS) leak. The issue, deemed highly severe, allowed attackers to remotely crash peer nodes by sending spam with low-difficulty header chains before the release of Bitcoin Core v24.0.1.
Bitcoin Core has now implemented protections against this DoS vulnerability. The new measure ensures that nodes will first verify whether the presented chain has sufficient work before committing to store it. This update means that Bitcoin Core no longer relies on checkpoints to guard against any known attacks, enhancing the overall security of the network.#Bitcoin #BitcoinCore #DoS #vulnerability #cybersecurity #blockchain #cryptocurrency #securityupdate #BTC
π Apple Issues Urgent Security Update to Address Zero-Day Vulnerabilities
#Apple #SecurityUpdate #ZeroDay #Vulnerabilities #Mac #Intel #WebKit #JavaScriptCore #CVE202444308 #CVE202444309 #Malware #CyberSecurity
According to PANews, Apple has released an urgent security update to address two zero-day vulnerabilities affecting Mac users with Intel architecture. These vulnerabilities are linked to the WebKit and JavaScriptCore engines and could be exploited through malicious websites or emails, potentially allowing attackers to execute arbitrary code and install malware on devices.
The vulnerabilities, identified as CVE-2024-44308 (JavaScriptCore vulnerability) and CVE-2024-44309 (WebKit vulnerability), were discovered by Google's Threat Analysis Group. This discovery suggests a possible connection to state-sponsored hacking activities. Apple strongly advises users to promptly update to macOS Sequoia 15.1.1 and the latest versions of iOS and iPadOS to mitigate security risks.#Apple #SecurityUpdate #ZeroDay #Vulnerabilities #Mac #Intel #WebKit #JavaScriptCore #CVE202444308 #CVE202444309 #Malware #CyberSecurity
π Zilliqa Issues Security Update Following Attack
#Zilliqa #XBridge #zETH #ZilSwap #securityupdate #cryptocurrency #liquidity #ZIL
According to Odaily, Zilliqa has released a security update on XBridge, addressing a recent attack. The team confirmed that zETH sold on ZilSwap originated from a portion of the attack. As a precaution, users are advised not to trade any zETH on ZilSwap and to immediately remove any liquidity from the zETH pool. The investigation is ongoing, and further updates will be provided as more information becomes available.#Zilliqa #XBridge #zETH #ZilSwap #securityupdate #cryptocurrency #liquidity #ZIL
π XRP Ledger Foundation Urges Update Due to Potential Vulnerability
#XRP #XRPledger #vulnerability #securityupdate #JavaScript #malwareresearch #supplychainattack #AikidoSecurity
According to Odaily, the XRP Ledger Foundation has identified a potential vulnerability in the latest version of the XRPL JavaScript library used for building applications. The foundation is urging affected projects to update to the patched version of the code. This issue was discovered by Charlie Eriksen, a malware researcher at Aikido Security, who warned that the 'backdoor' could lead to a 'potentially catastrophic' supply chain attack.#XRP #XRPledger #vulnerability #securityupdate #JavaScript #malwareresearch #supplychainattack #AikidoSecurity
π Hackers Exploit DevOps Tool Vulnerabilities for Cryptocurrency Mining
#Hackers #DevOps #Cybersecurity #Cryptocurrency #Mining #Vulnerabilities #CloudSecurity #ConfigurationManagement #XMRig #SecurityUpdate #API #HashiCorp #Docker #Gitea
According to PANews, security firm Wiz has identified a hacker group, codenamed JINX-0132, that is exploiting configuration vulnerabilities in DevOps tools for large-scale cryptocurrency mining attacks. The tools targeted include HashiCorp Nomad/Consul, Docker API, and Gitea, with approximately 25% of cloud environments at risk.
The attack methods involve deploying XMRig mining software using Nomad's default configuration, executing malicious scripts through unauthorized Consul API access, and controlling exposed Docker APIs to create mining containers. Wiz's data indicates that 5% of DevOps tools are directly exposed to the public internet, with 30% having configuration flaws.
Security teams recommend users promptly update software, disable unnecessary features, and restrict API access permissions to mitigate risks. This attack highlights the importance of cloud environment configuration management. Despite warnings from HashiCorp's official documentation about related risks, many users have not enabled basic security features. Experts emphasize that simple configuration adjustments can prevent most automated attacks.#Hackers #DevOps #Cybersecurity #Cryptocurrency #Mining #Vulnerabilities #CloudSecurity #ConfigurationManagement #XMRig #SecurityUpdate #API #HashiCorp #Docker #Gitea
π Microsoft Releases Emergency Patches for SharePoint Vulnerabilities
#Microsoft #SharePoint #Vulnerabilities #Cybersecurity #EmergencyPatches #SpoofingAttacks #SecurityUpdate #CISA #RemoteCodeExecution #DataSecurity #OnPremises #ToolShell #Exploitation #PatchManagement #CVE #SecurityLapses #FederalSecurity
According to Cointelegraph, Microsoft has issued urgent security patches to address zero-day vulnerabilities in its SharePoint work management software. These vulnerabilities have led to spoofing attacks, compromising sensitive data and passwords across governments, businesses, and universities globally. The company acknowledged ongoing attacks targeting on-premises SharePoint Server customers, partially mitigated by the July Security Update.
The affected software includes on-premises versions of SharePoint, excluding the cloud-based SharePoint 365. Microsoft has released cumulative patches for "SharePoint Server Subscription Edition," "SharePoint Server 2019," and "SharePoint Server 2016." The vulnerabilities, identified as CVE-2025-53770 and CVE-2025-53771, were detailed in a blog post by Netherlands-based Eye Security, which described them as a "large-scale exploitation of a new SharePoint remote code execution." Eye Security reported four waves of attacks by Saturday, with numerous systems compromised.
The Cybersecurity and Infrastructure Security Agency (CISA) highlighted the use of ToolShell in these attacks, enabling malicious actors to access SharePoint content, including file systems and internal configurations, and execute code over the network. Microsoft's SharePoint product page notes that over 200,000 organizations and 190 million people utilize the software for content management, team sites, and intranets, though these figures may include users of the unaffected cloud-based version.
Microsoft has faced criticism for security lapses in the past, including a Windows 10 vulnerability introduced by a security update, similar to the current SharePoint issues. In 2024, the company was scrutinized by the United States Congress over security vulnerabilities that endangered federal officials' email accounts. U.S. President Donald Trump was involved in discussions regarding these security concerns. Microsoft's ongoing efforts to enhance cybersecurity remain crucial as it navigates these challenges.#Microsoft #SharePoint #Vulnerabilities #Cybersecurity #EmergencyPatches #SpoofingAttacks #SecurityUpdate #CISA #RemoteCodeExecution #DataSecurity #OnPremises #ToolShell #Exploitation #PatchManagement #CVE #SecurityLapses #FederalSecurity
π iOS Releases Critical Security Update to Address Zero-Day Vulnerability
#iOS #SecurityUpdate #ZeroDayVulnerability #Version1862 #Cybersecurity
According to BlockBeats, iOS has released a significant security update, version 18.6.2. Technical expert Ryan Naraine has analyzed that this update addresses a zero-day vulnerability that had been actively exploited.#iOS #SecurityUpdate #ZeroDayVulnerability #Version1862 #Cybersecurity
π Apple Releases Security Update to Address Critical Vulnerability
#Apple #SecurityUpdate #CVE202543300 #iOS #iPadOS #macOS #ImageIO #Cybersecurity #UpdateYourDevice #ProtectYourData
According to BlockBeats, Apple has issued a security update on August 20, 2025, to fix the CVE-2025-43300 vulnerability affecting iOS, iPadOS, and macOS systems. This out-of-bounds write vulnerability is located in Apple's ImageIO framework. It allows attackers to potentially execute remote code by processing malicious image files, leading to memory corruption. Apple has resolved this issue by enhancing boundary checks. The vulnerability has reportedly been exploited in highly sophisticated attacks targeting specific individuals.
BlockBeats advises all Apple users to update their devices promptly to safeguard against potential threats. Keeping device systems updated is crucial for preventing cyberattacks and ensuring the security of personal information.#Apple #SecurityUpdate #CVE202543300 #iOS #iPadOS #macOS #ImageIO #Cybersecurity #UpdateYourDevice #ProtectYourData
π Unity Technology Addresses Security Vulnerability in Gaming Engine
#Unity #SecurityPatch #GamingEngine #CryptoSecurity #AndroidVulnerability #MobileGames #SecurityUpdate #Developers #GamingIndustry #PatchUpdate #Cybersecurity #RealTimeGames #GameDevelopment #UnityEngine #MalwareProtection #GameSecurity
According to Cointelegraph, Unity Technology has released a security patch to address a vulnerability in its gaming engine that posed potential risks to crypto users. The flaw, discovered in June, allowed third-party code execution in Android-based mobile games. Unity's director of community, Larry βMajor Nelsonβ Hryb, issued a security advisory detailing the vulnerability, which could enable local code execution and access to confidential information on devices running Unity-built applications. He assured that there has been no evidence of exploitation or impact on users.
Unity's security update comes after Cointelegraph reported the vulnerability, which affects projects dating back to 2017 and targets Android platforms, as well as games on Windows, macOS, and Linux. A Google spokesperson emphasized the importance of developers updating their apps with the available patch. Unity has urged developers to download the patched Unity Editor update, rebuild released games, and republish them to ensure user safety. Mobile gamers are advised to keep devices updated, enable automatic updates, and maintain current antivirus software.
GMO Flatt Security researcher βRyotaKβ highlighted the vulnerability's potential for malicious applications to hijack permissions granted to Unity applications, allowing remote execution of arbitrary code. Microsoft also issued a security alert, stating that Windows game development teams are updating affected games and applications, while console games remain unaffected. Windows Defender has been updated to enhance protection, and Android anti-malware systems have been strengthened.
In response to the vulnerability, game developers like Obsidian Entertainment have temporarily removed several games from digital storefronts to implement the fix. Unity, a leading platform for creating real-time games and apps across multiple platforms, powers over 70% of the top thousand mobile games. The company continues to work with developers to ensure the security and integrity of their applications.#Unity #SecurityPatch #GamingEngine #CryptoSecurity #AndroidVulnerability #MobileGames #SecurityUpdate #Developers #GamingIndustry #PatchUpdate #Cybersecurity #RealTimeGames #GameDevelopment #UnityEngine #MalwareProtection #GameSecurity
π BNB Chain Projects Unaffected by Recent Balance Protocol Vulnerability
#BNBChain #BalanceProtocol #SecurityUpdate #Vulnerability #ForkedProjects #PrecautionaryMeasures
According to Foresight News, the BNB Chain security update indicates that no BNB Chain projects have been impacted by the recent Balance protocol vulnerability. It advises any forked projects to remain highly vigilant and consider halting operations as a precautionary measure.#BNBChain #BalanceProtocol #SecurityUpdate #Vulnerability #ForkedProjects #PrecautionaryMeasures
π Fusion Releases Security Update Following Arbitrum Vault Vulnerability
#Fusion #SecurityUpdate #Arbitrum #IPOR #USDC #Vulnerability #CryptoSecurity #DAO #Blockchain #DeFi
According to Odaily, Fusion has issued a security update in response to a vulnerability discovered in the IPOR USDC Fusion Optimizer, specifically affecting the Arbitrum Vault. The IPOR team was notified of the issue on January 6, revealing a flaw that resulted in a loss of $336,000 in USDC. This vulnerability targeted a specific older version of the Fusion Vault, which, due to its unique configuration, was the only vault susceptible to this particular attack. The loss represents less than 1% of the total funds guaranteed by Fusion. Efforts are underway in collaboration with the Security Alliance to track and recover the funds. The IPOR DAO plans to cover the financial shortfall from its treasury, ensuring that all affected depositors receive full compensation.#Fusion #SecurityUpdate #Arbitrum #IPOR #USDC #Vulnerability #CryptoSecurity #DAO #Blockchain #DeFi