NutzBoot vulnerable to information disclosure

A security flaw has been discovered in nutzam NutzBoot up to 2.6.0-SNAPSHOT. The impacted element is an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the component Ethereum Wallet Handler...

GHSA-QP56-QJ59-HJF8 NutzBoot vulnerable to information disclosure

A security flaw has been discovered in nutzam NutzBoot up to 2.6.0-SNAPSHOT. The impacted element is an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the component Ethereum Wallet Handler...

EUVD-2025-199946

NutzBoot vulnerable to information disclosure...

CVE-2025-13804

A security flaw has been discovered in nutzam NutzBoot up to 2.6.0-SNAPSHOT. The impacted element is an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the component Ethereum Wallet Handler...

CVE-2025-13804

A security flaw has been discovered in nutzam NutzBoot up to 2.6.0-SNAPSHOT. The impacted element is an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the component Ethereum Wallet Handler...

CVE-2025-13804 nutzam NutzBoot Ethereum Wallet EthModule.java information disclosure

A security flaw has been discovered in nutzam NutzBoot up to 2.6.0-SNAPSHOT. The impacted element is an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the component Ethereum Wallet Handler...

CVE-2025-13804

CVE-2025-13804 affects nutzam NutzBoot up to 2.6.0-SNAPSHOT. The impacted element is the EthModule.java under NutzBoot’s Ethereum Wallet Handler. The root cause is described as an information disclosure vulnerability arising from manipulation of an unknown function in the EthModule.java file. The...

CVE-2025-13804 nutzam NutzBoot Ethereum Wallet EthModule.java information disclosure

A security flaw has been discovered in nutzam NutzBoot up to 2.6.0-SNAPSHOT. The impacted element is an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the component Ethereum Wallet Handler...

PT-2025-48408

A security flaw has been discovered in nutzam NutzBoot up to 2.6.0-SNAPSHOT. The impacted element is an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the component Ethereum Wallet Handler...

Fake Chrome Extension "Safery" Steals Ethereum Wallet Seed Phrases Using Sui Blockchain

Cybersecurity researchers have uncovered a malicious Chrome extension that poses as a legitimate Ethereum wallet but harbors functionality to exfiltrate users' seed phrases. The name of the extension is "Safery: Ethereum Wallet," with the threat actor describing it as a "secure wallet for managin...

U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe

The U.S. Treasury Department has announced that it's removing sanctions against Tornado Cash, a cryptocurrency mixer service that has been accused of aiding the North Korea-linked Lazarus Group to launder their ill-gotten proceeds. "Based on the Administration's review of the novel legal and poli...

API Armor: How Bybit’s Real-Time Blacklisting Is Thwarting a $1.5B Crypto Heist

APIs present a security risk—that much is a given. Attacks on APIs have caused some of the most significant security incidents of the past decades. But the question now is: How can we flip the script and leverage their power to enhance security? Bybit might just have the answer. Bybit—one of the...

WordPress Ethereum Wallet Plugin < 4.10.6 is vulnerable to Cross Site Scripting (XSS)

Software Ethereum Wallet Type Plugin Vulnerable versions 4.10.6 Fixed in 4.10.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 12d0d0ea37bd Credits Rafie Muhammad Patchstack Requir...

Brave Software: UAF on JSEthereumProvider

A UAF Use After Free vulnerability was discovered in the renderer implementation of the Ethereum wallet. This vulnerability allowed an attacker to trigger a crash in the renderer process and potentially execute arbitrary code...

Sifchain: ETHEREUM_PRIVATE_KEY leaked

Summary: I found below private key for ethereum wallet leaked via public code in github repository ETHEREUMPRIVATEKEY="c87509a1c067bbde78beb793e6fa76530b6382a4c0241e5e4a9ec0a0f44dc0d3" Steps To Reproduce: You can find private key via below link :...

Oh, Crap! Someone Accidentally Triggered A Flaw That Locked Up $280 Million In Ethereum

Horrible news for some Ethereum users. About $300 million worth of Ether—the cryptocurrency unit that has become one of the most popular and increasingly valuable cryptocurrencies—from dozens of Ethereum wallets was permanently locked up today. Smart contract coding startup Parity Technologies,...