🚀 Monero Mining Malware Targets Thousands of Websites
#Monero #Mining #Malware #Cybersecurity #Cryptojacking #WebSecurity #XMR #Hackers #Ecommerce
According to BlockBeats, cybersecurity researchers from c/side have identified a resurgence of malicious Monero (XMR) mining software affecting numerous websites. This new wave of cryptojacking has infiltrated at least 3,500 sites, deploying hidden Monero mining scripts. Unlike traditional cryptojacking methods, these malicious programs evade detection by limiting CPU usage and concealing traffic within WebSocket streams. Hackers are employing a 'low-profile, slow-mining' strategy, specifically targeting unpatched websites and e-commerce servers.#Monero #Mining #Malware #Cybersecurity #Cryptojacking #WebSecurity #XMR #Hackers #Ecommerce
🚀 OpenClaw Releases Latest Version with Enhanced Features and Security
#OpenClaw #AI #OpenSource #Security #PDFAnalysis #SpeechToText #TelegramIntegration #BugFixes #ACP #PluginAPI #ZaloPersonal #JSRuntime #WebSecurity #Development
OpenClaw has launched version v2026.3.2 of its open-source AI Agent framework on March 3, introducing several new features, security enhancements, and over 150 bug fixes. According to BlockBeats, the update involved contributions from 93 developers. Key features include a native PDF analysis tool that supports Anthropic and Google as PDF processing backends, configurable extraction fallback strategies, and page/size limits. The SecretRef credential reference mechanism now extends to 64 targets, covering runtime collectors and the entire planning/execution/audit process, with unresolved references triggering immediate errors on active interfaces. Additionally, a new STT (speech-to-text) API allows audio file transcription through configured service providers, and Telegram message streaming defaults to "partial" mode for real-time previews. The provider directory now includes the MiniMax-M2.5-highspeed model.
The update introduces four disruptive changes: the default tool configuration for new installations shifts from a broad programming toolset to a "messaging" configuration; ACP scheduling is enabled by default; the plugin HTTP route registration API changes from registerHttpHandler to registerHttpRoute, requiring explicit authentication declaration; and Zalo Personal no longer relies on external CLI binaries, opting for a pure JS runtime instead. Security improvements address issues such as Gateway loopback WebSocket hardening, plugin route registration duplication prevention, pre-authentication parsing for webhooks, and protection against symbolic link escapes in skill workspaces.#OpenClaw #AI #OpenSource #Security #PDFAnalysis #SpeechToText #TelegramIntegration #BugFixes #ACP #PluginAPI #ZaloPersonal #JSRuntime #WebSecurity #Development
🚀 HypurrFi Investigates Potential Domain Hijacking, Advises Users to Avoid Website and App
#hypurrfi #defi #crypto #blockchain #cybersecurity #domainhijacking #security #websecurity #scamalert #fundsafety
HypurrFi has issued a warning to its users, advising them to refrain from using its website or lending application due to an ongoing investigation into a potential domain hijacking. According to NS3.AI, the protocol currently holds approximately $30 million in total value locked. Despite the investigation, the team has assured users that there is no immediate risk to their funds. Additionally, HypurrFi's social media channels remain secure and under the team's control.#hypurrfi #defi #crypto #blockchain #cybersecurity #domainhijacking #security #websecurity #scamalert #fundsafety