#security News & Analysis
Coverage of #security spans 862 indexed articles, with 378 published in the last 30 days. Recent discussion leans bearish, at 49.7% negative sentiment versus 46.8% bullish, though sentiment has remained stable over the past month. Top sources include arXiv's computer science and AI research, along with cryptocurrency-focused outlets like Crypto Briefing and Blockonomi. The tag frequently intersects with #ai, #bitcoin, and geopolitical concerns, with Anthropic and Claude among the most-discussed entities. Bitcoin and Ethereum dominate ticker mentions in this coverage area. Explore the articles below to understand the full scope of recent #security developments.
A fake Ledger app on the Apple App Store drained $9.5 million in crypto
A fraudulent Ledger Live application was discovered on Apple's App Store, successfully impersonating the legitimate cryptocurrency wallet and draining approximately $9.5 million from dozens of users across multiple blockchains during a week-long phishing campaign before removal.
Why North Korea keeps stealing billions in crypto — out in the open
North Korea's cryptocurrency theft operations have evolved into a sophisticated, state-sponsored threat that operates with relative impunity despite international scrutiny. Security experts warn that the regime's unique position as a nation-state with fewer geopolitical constraints makes it fundamentally different from other cybercriminals, posing an escalating risk to crypto ecosystem security and stability.
Drift says $270 million exploit was a six-month North Korean intelligence operation
Drift exchange suffered a $270 million exploit orchestrated by North Korean intelligence operatives who conducted a sophisticated six-month social engineering campaign. The attackers posed as a legitimate trading firm, met Drift team members in person across multiple countries, and deposited $1 million of their own funds to establish credibility before executing the massive drain.
Whitehat hacker accuses Injective of ghosting after $500M bug disclosure
A pseudonymous security researcher has publicly accused Injective Protocol of offering an inadequate bounty payment and subsequently ghosting them after they disclosed a critical vulnerability that put $500 million at risk. The dispute highlights ongoing tensions between white hat hackers and DeFi protocols over appropriate bug bounty compensation.
Aave and CoW Swap publish dueling post-mortems after $50 million DeFi swap disaster
Aave and CoW Swap have released competing post-mortem reports following a $50 million DeFi swap disaster. CoW Swap's analysis reveals that a transaction initially submitted through a private RPC endpoint was leaked to the public mempool, contributing to the incident.
AWS Middle East disrupted after ‘objects struck datacenter’ amid Iran war
AWS Middle East data center operations were disrupted after objects reportedly struck the facility amid ongoing tensions related to the Iran conflict. The incident highlights infrastructure vulnerabilities for cloud services in geopolitically sensitive regions.
CRITICAL UPDATE Re: DAO Vulnerability
The DAO, a major Ethereum-based decentralized autonomous organization, is under attack through a recursive calling vulnerability that allows an attacker to drain ether into a child DAO. This represents a critical security breach affecting one of the most significant early DeFi experiments.
AI Snitches Get Glitches: Towards Evading Agentic Surveillance
Researchers introduce 'agentic surveillance'—the ability of AI agents to analyze data and send reports about users without consent—and create SurveilBench to evaluate this risk across models. The study demonstrates that surveillance can already be easily implemented while also developing prompt injection-based evasion techniques, raising urgent calls for technical and legislative safeguards.
LastPass customer info leaked again after third-party data breach
LastPass users face renewed security threats following another data breach involving a third-party vendor, with the password management company warning customers to be vigilant against phishing and social engineering attacks targeting their cryptocurrency and financial assets.
AOHP: An Open-Source OS-Level Agent Harness for Personalized, Efficient and Secure Interaction
Researchers introduce AOHP, an open-source OS-level agent harness built on Android that treats AI agents as first-class operating system actors. The framework addresses architectural gaps in current systems by enabling personalized service composition, efficient agent interfaces, and secure information flow, demonstrating significant improvements in task completion rates, execution costs, and security compliance.
Ethereum MEV Bot JaredFromSubway Threatens Legal Action After $7.5 Million Loss
The Ethereum MEV bot JaredFromSubway suffered a $7.5 million loss after being exploited through a series of transactions that compromised its trading logic. The incident highlights vulnerabilities in automated trading systems and raises questions about bot security in competitive MEV environments.
Texas Brothers Plead Guilty In $8M Crypto Kidnapping Case
Two Texas brothers pleaded guilty to federal charges involving an armed kidnapping and $8 million cryptocurrency theft in Minnesota. The case highlights the intersection of violent crime and digital asset theft, raising concerns about crypto security vulnerabilities and the targeting of high-net-worth individuals in the digital asset space.
XRP Community Targeted in New Scam Exploiting Fake Verification Messages on XRP Ledger
A scam targeting XRP Ledger users exploited fake verification messages to deceive holders into authorizing fraudulent transactions, resulting in thousands of XRP stolen. The incident highlights ongoing security vulnerabilities in the XRP ecosystem and the sophistication of social engineering attacks against cryptocurrency users.
Read this before you vibe-code another app
A project manager discovered a hidden SQL injection vulnerability in his AI-assisted website months after launch, highlighting critical security gaps in rapidly developed applications built with AI coding tools. The incident underscores a growing blind spot among developers adopting vibe-coding and similar rapid-development practices without rigorous security review.
















