Hackers Abuse Blockchain Smart Contracts to Spread Malware via Infected WordPress Sites

A financially motivated threat actor codenamed UNC5142 has been observed abusing blockchain smart contracts as a way to facilitate the distribution of information stealers such as Atomic AMOS, Lumma, Rhadamanthys aka RADTHIEF, and Vidar, targeting both Windows and Apple macOS systems. "UNC5142 is...

bitcoin-harness (=0.1.0), bitcoin_rpc_client (>=0.5.0 <=0.6.1) +80 more potentially affected by unknown CVE via openssl (>=0.10.22 <=0.10.57)

openssl CARGO version =0.10.22, =0.5.0, =0.2.0, =0.0.0, =0.0.1, =0.3.3, =0.6.25, =0.1.0-alpha.0, =0.1.24, =0.37.0, =0.4.0, =0.37.0, =0.37.0, =0.38.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-Q445-7M23-QRMW...

MAL-2023-8688 Malicious code in blockchain-contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a999a1b33fbea1c383e34a3e37196b2d9e96946685c3fbbff0720c1295e4bec1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in blockchain-contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a999a1b33fbea1c383e34a3e37196b2d9e96946685c3fbbff0720c1295e4bec1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

OpenZeppelin 输入验证错误漏洞

OpenZeppelin is a software application. A standard for secure blockchain applications. An input validation error vulnerability exists in OpenZeppelin Contracts versions 4.0.0 through 4.7.1, which stems from its susceptibility to being recovered by the ERC165 Checker instead of returning false...