y0news
AnalyticsDigestsSourcesTopicsRSSAICrypto

#vulnerability News & Analysis

124 articles tagged with #vulnerability. AI-curated summaries with sentiment analysis and key takeaways from 50+ sources.

124 articles
CryptoBearishcrypto.news · Apr 21🔥 8/10
⛓️

Cosmos researcher drops high‑severity CometBFT zero‑day securing over $8B

Security researcher Doyeon Park has publicly disclosed a critical zero-day vulnerability in CometBFT, the consensus mechanism underlying Cosmos blockchain infrastructure securing over $8 billion in value. The high-severity flaw can stall Cosmos chains and highlights significant disclosure gaps in cryptocurrency core infrastructure security practices.

Cosmos researcher drops high‑severity CometBFT zero‑day securing over $8B
AI × CryptoBearishCoinDesk · Apr 137/10
🤖

AI agents are set to power crypto payments, but a hidden flaw could expose wallets

Researchers have identified a critical vulnerability in AI infrastructure layers used for cryptocurrency payments, where intermediary systems can intercept sensitive wallet data. The flaw has reportedly enabled credential theft and at least one $500,000 wallet drain, exposing a significant security gap as AI agents become more integrated into crypto transaction systems.

AI agents are set to power crypto payments, but a hidden flaw could expose wallets
DeFiBearishProtos · Mar 167/10
💎

Whitehat hacker accuses Injective of ghosting after $500M bug disclosure

A pseudonymous security researcher has publicly accused Injective Protocol of offering an inadequate bounty payment and subsequently ghosting them after they disclosed a critical vulnerability that put $500 million at risk. The dispute highlights ongoing tensions between white hat hackers and DeFi protocols over appropriate bug bounty compensation.

Whitehat hacker accuses Injective of ghosting after $500M bug disclosure
CryptoBearishEthereum Foundation Blog · Sep 22🔥 8/101
⛓️

The Ethereum network is currently undergoing a DoS attack

The Ethereum network is experiencing a computational denial-of-service attack targeting miners and nodes through the EXTCODESIZE opcode. The attack exploits a vulnerability where certain blocks require excessive processing time despite low gas prices, causing network disruption.

$ETH
DeFiBearishEthereum Foundation Blog · Jun 17🔥 8/101
💎

CRITICAL UPDATE Re: DAO Vulnerability

The DAO, a major Ethereum-based decentralized autonomous organization, is under attack through a recursive calling vulnerability that allows an attacker to drain ether into a child DAO. This represents a critical security breach affecting one of the most significant early DeFi experiments.

$ETH
AIBearishCrypto Briefing · Jun 277/10
🧠

Amazon Q Developer flaw allows cloud credential theft via malicious repositories

A critical vulnerability in Amazon Q Developer enables attackers to steal cloud credentials through malicious code repositories, exposing organizations to potential data breaches and unauthorized cloud access. The flaw underscores broader security gaps in AI-assisted coding tools that lack adequate safeguards against supply chain attacks.

Amazon Q Developer flaw allows cloud credential theft via malicious repositories
AIBearisharXiv – CS AI · Jun 237/10
🧠

Exposing the Illusion of Erasure in Knowledge Editing for LLMs

A new research paper reveals critical vulnerabilities in Knowledge Editing (KE) techniques used to update facts in Large Language Models without retraining. The study demonstrates that edited knowledge is not truly erased but merely suppressed, and can be recovered through adversarial prompting, exposing fundamental flaws in current post-hoc update methods.

AIBearishSimon Willison Blog · Jun 227/10
🧠

Prompt Injection as Role Confusion

The article examines prompt injection attacks as a form of role confusion in AI systems, where malicious inputs manipulate language models into bypassing their intended constraints by exploiting how these models interpret conflicting instructions and contextual switching.

AIBearisharXiv – CS AI · Jun 117/10
🧠

Grammar-Constrained Decoding Can Jailbreak LLMs into Generating Malicious Code

Researchers have discovered that Grammar-Constrained Decoding (GCD), a technique used to improve code safety in Large Language Models, can actually be exploited as a jailbreak vector called CodeSpear. The study introduces CodeShield, a defensive alignment method that protects LLMs from generating malicious code even when attackers manipulate grammar constraints.

DeFiBearishCrypto Briefing · Jun 107/10
💎

Raydium reports $1.34M exploit on legacy AMM V3 program

Raydium, a major Solana-based automated market maker (AMM), suffered a $1.34M exploit targeting its legacy AMM V3 program. The incident underscores critical vulnerabilities in deprecated blockchain infrastructure and raises concerns about DeFi security standards across the industry.

Raydium reports $1.34M exploit on legacy AMM V3 program
GeneralBearishCrypto Briefing · Jun 107/10
📰

New Windows zero-day exploit RoguePlanet targets Microsoft Defender on fully patched systems

A new Windows zero-day exploit called RoguePlanet has been discovered that can bypass Microsoft Defender on fully patched systems, exposing a critical gap in Microsoft's security patching cycle. This vulnerability underscores persistent risks for Windows users despite regular security updates and highlights the ongoing challenge of defending against sophisticated exploits.

New Windows zero-day exploit RoguePlanet targets Microsoft Defender on fully patched systems
GeneralBearishCrypto Briefing · Jun 107/10
📰

ServiceNow patches vulnerability exploited against some customers

ServiceNow has patched a vulnerability that was actively exploited against some of its customers, raising concerns about the security posture of major SaaS providers. The incident underscores growing cybersecurity risks in cloud infrastructure and their potential impact on customer confidence and business continuity.

ServiceNow patches vulnerability exploited against some customers
AI × CryptoNeutralCrypto Briefing · Jun 87/10
🤖

AI helps uncover critical vulnerability in Zcash’s Orchard shielded pool

AI tools successfully identified a critical vulnerability in Zcash's Orchard shielded pool, demonstrating artificial intelligence's emerging capability to enhance cryptocurrency security audits. The discovery highlights both the potential for AI-driven vulnerability detection and the necessity for comprehensive human oversight in blockchain security protocols.

AI helps uncover critical vulnerability in Zcash’s Orchard shielded pool
CryptoBullishThe Block · Jun 87/10
⛓️

ZEC rebounds 42% as ZODL founder details two-step emergency upgrade

Zcash (ZEC) surged 42% following details from ZODL founder Josh Swihart regarding a two-step emergency upgrade that resolved a critical vulnerability in the Orchard shielded pool. The successful remediation and market recovery demonstrate investor confidence in the development team's ability to address security issues swiftly.

ZEC rebounds 42% as ZODL founder details two-step emergency upgrade
AIBearisharXiv – CS AI · Jun 87/10
🧠

Latent-space Attacks for Refusal Evasion in Language Models

Researchers have developed a new method called Controlled Latent-space Evasion that can bypass safety guardrails in language models by manipulating their internal representations more effectively than previous techniques. The attack reframes refusal suppression as an evasion problem against linear probes and achieves state-of-the-art success rates across 15 different models, highlighting a significant vulnerability in current AI safety alignment approaches.

CryptoBearishCrypto Briefing · Jun 77/10
⛓️

Security engineer Taylor Hornby adds Monero to audit queue after Zcash bug discovery

Security engineer Taylor Hornby has added Monero to his audit queue following the discovery of a critical bug in Zcash, highlighting growing concerns about vulnerabilities in privacy-focused cryptocurrencies. The incident underscores how security lapses can threaten token value and investor confidence in privacy coins, potentially driving increased demand for professional security audits in the sector.

Security engineer Taylor Hornby adds Monero to audit queue after Zcash bug discovery
AI × CryptoBearishBlockonomi · Jun 77/10
🤖

Zcash (ZEC) Plunges 40% as Critical Orchard Pool Vulnerability Comes to Light After 4 Years

Zcash experienced a 40% price decline following the disclosure and patching of a critical vulnerability in its Orchard privacy pool discovered after 4 years in production. The flaw was identified by AI systems with no evidence of exploitation in the wild, though the revelation has triggered significant market concerns about the security of privacy-focused cryptocurrency infrastructure.

CryptoBearishBlockonomi · Jun 67/10
⛓️

Zcash’s Orchard Vulnerability Leaves Users Unable to Verify ZEC Circulating Supply, Says Zooko Wilcox

Zcash founder Zooko Wilcox has confirmed that a vulnerability in the Orchard shielded pool prevents users from independently verifying whether the flaw was exploited to create counterfeit ZEC. The Ironwood upgrade will introduce a patched Orchard pool with turnstile mechanisms to prevent excess ZEC from migrating from the compromised pool, though Wilcox states exploitation remains unlikely.

AI × CryptoBearishCoinDesk · Jun 67/10
🤖

Researcher who found Zcash's bug with AI adds Monero to his audit queue

Security researcher Taylor Hornby, who discovered a critical vulnerability in Zcash's Orchard protocol using AI-assisted analysis, plans to audit other privacy coins including Monero. The Zcash flaw triggered a 38% price decline, highlighting the security risks in privacy-focused cryptocurrency implementations and the emerging role of AI in finding zero-day vulnerabilities.

Researcher who found Zcash's bug with AI adds Monero to his audit queue
AIBearishMIT Technology Review · Jun 57/10
🧠

The Download: AI hacking beyond Mythos, and chatbots’ impact on our brains

Attackers exploited Meta's AI customer support agent to compromise Instagram accounts, revealing critical security vulnerabilities in AI systems beyond existing frameworks like Mythos. The incident demonstrates that AI security requires comprehensive threat modeling across all deployment vectors, not just isolated technical safeguards.

CryptoBearishNewsBTC · Jun 57/10
⛓️

Arthur Hayes Dumps Entire Zcash Bag, Keeps WLD Bet Alive

Arthur Hayes' Maelstrom fund has exited its entire Zcash position following disclosure of a critical vulnerability in the Orchard privacy pool that could have enabled undetectable counterfeiting of ZEC tokens. While no exploitation occurred and the vulnerability was patched, the impossibility of cryptographically proving the exploit never happened contradicts Hayes' privacy-focused investment thesis, causing him to abandon his "Holy Trinity" trade strategy despite believing exploitation was unlikely.

Arthur Hayes Dumps Entire Zcash Bag, Keeps WLD Bet Alive
$WLD$NEAR🏢 OpenAI
CryptoBearishCrypto Briefing · Jun 57/10
⛓️

Zcash tumbles 50% as Hayes exits bag over unverifiable counterfeiting risk

Zcash experienced a significant 50% price decline following revelations of an unverifiable counterfeiting vulnerability and the exit of a major holder. The incident underscores fundamental security concerns within privacy-focused cryptocurrency systems and raises questions about the integrity of coin supply mechanisms that cannot be externally audited.

Zcash tumbles 50% as Hayes exits bag over unverifiable counterfeiting risk
CryptoBearishU.Today · Jun 5🔥 8/10
⛓️

Did Claude Just Kill Zcash (ZEC)?

Zcash (ZEC) experienced a severe 60% price decline following the discovery of a critical vulnerability that could have enabled attackers to create unlimited counterfeit tokens. The flaw represents a fundamental threat to the privacy coin's core value proposition and security model, triggering significant market losses.

🧠 Claude
GeneralBearishCrypto Briefing · Jun 47/10
📰

Microsoft fixes severe VS Code vulnerability enabling GitHub token theft

Microsoft released a critical security patch for Visual Studio Code addressing a severe vulnerability that could enable attackers to steal GitHub authentication tokens from developers. The swift remediation underscores the importance of security hardening in widely-used developer tools that serve as potential attack vectors for credential compromise.

Microsoft fixes severe VS Code vulnerability enabling GitHub token theft
Page 1 of 5Next →