MAL-2025-10013 Malicious code in @zalastax/nolb-_fee (npm)

The package @zalastax/nolb-fee was found to contain malicious code...

Malicious code in cas-fee-demo (npm)

The package cas-fee-demo was found to contain malicious code...

Malicious code in @zalastax/nolb-_fee (npm)

The package @zalastax/nolb-fee was found to contain malicious code...

MAL-2025-16576 Malicious code in cas-fee-demo (npm)

The package cas-fee-demo was found to contain malicious code...

CVE-2025-54427

CVE-2025-54427 (Polkadot Frontier) : The vulnerability affects Polkadot Frontier’s note_min_gas_price_target intrinsic. Before commit a754b3d, the check_inherent function was not implemented, allowing the block producer to set the target gas price without verification. This input drives MinGasPri...

First-Spammed, First-Served: MEV Extraction on Fast-Finality Blockchains

This research analyzes the economics of spam-based arbitrage strategies on fast-finality blockchains. We begin by theoretically demonstrating that, splitting a profitable MEV opportunity into multiple small transactions is the optimal strategy for CEX-DEX arbitrageurs. We then empirically validat...

CVE-2025-5984

A vulnerability has been found in SourceCodester Online Student Clearance System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Admin/add-fee.php. The manipulation of the argument txtamt leads to cross site scripting. The attack can be...

Unraveling Ethereum'S Mempool: the Impact of Fee Fairness, Transaction Prioritization, and Consensus Efficiency

Ethereum's transaction pool mempool dynamics and fee market efficiency critically affect transaction inclusion, validator workload, and overall network performance. This research empirically analyzes gas price variations, mempool clearance rates, and block finalization times in Ethereum's...

A week in security (May 26 – June 1)

Last week on Malwarebytes Labs: Porn sites probed for allegedly failing to prevent minors from accessing content Take back control of your browser—Malwarebytes Browser Guard now blocks search hijacking attempts Deepfake-posting man faces huge $450,000 fine Fake AI video generator tools lure in...

New warning issued over toll fee scams

Over a year ago the FBI warned about what was then a new form of smishing phishing via SMS scam: text messages that demanded payment for toll fees. The FTC sent out a similar warning in January, 2025. Then, in April another wave of toll fee scams began doing the rounds. Now the Departments of Mot...

Transaction Fee Mechanism Design for Leaderless Blockchain Protocols

We initiate the study of transaction fee mechanism design for blockchain protocols in which multiple block producers contribute to the production of each block. Our contributions include: - We propose an extensive-form multi-stage game model to reason about the game theory of multi-proposer...

CVE-2023-1674

A vulnerability was found in SourceCodester School Registration and Fee System 1.0 and classified as critical. This issue affects some unknown processing of the file /bilal final/login.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. T...

CVE-2021-45698

An issue was discovered in the ckb crate before 0.40.0 for Rust. A getblocktemplate RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain transaction with a higher fee rate than another transaction...

Multiple Proposer Transaction Fee Mechanism Design: Robust Incentives against Censorship and Bribery

Censorship resistance is one of the core value proposition of blockchains. A recurring design pattern aimed at providing censorship resistance is enabling multiple proposers to contribute inputs into block construction. Notably, Fork-Choice Enforced Inclusion Lists FOCIL is proposed to be include...

A week in security (April 7 – April 13)

Last week on Malwarebytes Labs: The Pall Mall Pact and why it matters Child predators are lurking on dating apps, warns report Your 23andMe genetic data could be bought by China, senator warns WhatsApp for Windows vulnerable to attacks. Update now! Man accused of using keylogger to spy on...

Toll fee scams are back and heading your way

Back in August 2024, we warned about a relatively new type of SMS phishing or smishing scam that was doing the rounds. Now a new wave of toll fee scams are working their way round the US. These attempts come as an unexpected text message linking to a website pretending to belong to one of the US...

VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics

A ransomware-as-a-service RaaS operation called VanHelsing has already claimed three victims since it launched on March 7, 2025, demanding ransoms as high as $500,000. "The RaaS model allows a wide range of participants, from experienced hackers to newcomers, to get involved with a $5,000 deposit...

Malicious code in gas-fee-saver (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 904ff1206c8caf54d8e6e4625ec9690c0925700de436af0685916b90e17003ae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2104 Malicious code in gas-fee-saver (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 904ff1206c8caf54d8e6e4625ec9690c0925700de436af0685916b90e17003ae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2022-2674

A vulnerability was found in SourceCodester Best Fee Management System. It has been rated as critical. Affected by this issue is the function login of the file adminclass.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has be...