Rogue Developer Infects Widely Used NodeJS Module to Steal Bitcoins

A widely used third-party NodeJS module with nearly 2 million downloads a week was compromised after one of its open-source contributor gone rogue, who infected it with a malicious code that was programmed to steal funds stored in Bitcoin wallet apps. The Node.js library in question is...

insight.bitpay.com XSS vulnerability

Open Bug Bounty ID: OBB-636340 Description| Value ---|--- Affected Website:| insight.bitpay.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

GHSA-8P2P-P8MG-X3CW Insight API transaction broadcast endpoint can result in Full Path Disclosure

Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in transaction broadcast endpoint that can result in Full Path Disclosure. This attack appear to be exploitable via Web request...

Bitpay/insight-api Insight-api transaction broadcast endpoint input validation vulnerability

Bitpay/insight-api Insight-api is a Bitpay payment software program that uses Bitcoin. transaction broadcast endpoint is one of the payment terminals. An input validation vulnerability exists in the transaction broadcast endpoint in Bitpay/insight-api Insight-api version 5.0.0 and earlier. An...

CVE-2018-1000023

Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in transaction broadcast endpoint that can result in Full Path Disclosure. This attack appear to be exploitable via Web request...

Input validation

Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in transaction broadcast endpoint that can result in Full Path Disclosure. This attack appear to be exploitable via Web request...

CVE-2018-1000023

Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in transaction broadcast endpoint that can result in Full Path Disclosure. This attack appear to be exploitable via Web request...

CVE-2018-1000023

Summary: Bitpay/Insight-api’s Insight-api (versions ≤ 5.0.0) contains a CWE-20 input validation vulnerability in the transaction broadcast endpoint that can disclose full filesystem paths. The issue is described as exploitable via a Web request. The affected product is Bitpay/Insight-api Insight-...

Microsoft Quietly Stops Accepting Bitcoin in Windows Store

Microsoft reckoned Bitcoin was the future of payment system and added it as a payment option for Windows store at the end of 2014, but the company has silently pulled support for Bitcoin in the Windows 10 Store. In November 2014, Microsoft struck a deal with third-party bitcoin payment processor...