Lucene search
K

37 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.1 views

Malicious code in traders-platform-library (npm)

The package traders-platform-library was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-37133 Malicious code in traders-platform-library (npm)

The package traders-platform-library was found to contain malicious code...

7.2AI score
Exploits0
hivepro
hivepro
added 2024/02/19 5:35 a.m.44 views

Water Hydra Exploits CVE-2024-21412 to Target Financial Traders

Summary: Water Hydra exploited CVE-2024-21412 to bypass Microsoft Defender SmartScreen, targeting financial traders with DarkMe malware through sophisticated spearphishing tactics. This underscores the persistent threat of APT groups and highlights the challenge of defending against evolving atta...

5.8CVSS7AI score0.95443EPSS
Exploits2
The Hacker News
The Hacker News
added 2024/02/14 7:33 a.m.68 views

DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability

A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra aka DarkCasino targeting financial market traders. Trend Micro, which began tracking the campaign in late December 2023, said it entails...

8.1CVSS8.2AI score0.95443EPSS
Exploits2
Trend Micro Simply Security
Trend Micro Simply Security
added 2024/02/13 12:0 a.m.45 views

CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day

The APT group Water Hydra has been exploiting the Microsoft Defender SmartScreen vulnerability CVE-2024-21412 in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative...

8.1CVSS9.6AI score0.95443EPSS
Exploits2
Trend Micro Simply Security
Trend Micro Simply Security
added 2024/02/13 12:0 a.m.56 views

CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day

The APT group Water Hydra has been exploiting the zero-day Microsoft Defender SmartScreen vulnerability CVE-2024-21412 in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day...

5.8CVSS8.5AI score0.95443EPSS
Exploits2
Openbugbounty
Openbugbounty
added 2024/01/23 8:16 p.m.8 views

tradersparisbourse.fr Cross Site Scripting vulnerability OBB-3841758

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
HackRead
HackRead
added 2023/12/14 1:17 p.m.13 views

InsideBitcoins Review – Best Platform To Catch Up on Crypto News?

By Owais Sultan The volatile state the crypto market is in has made it a requirement for investors and traders to… This is a post from HackRead.com Read the original post: InsideBitcoins Review - Best Platform To Catch Up on Crypto News?...

7.3AI score
Exploits0
HackRead
HackRead
added 2023/08/25 3:53 p.m.21 views

WinRAR users update your software as 0-day vulnerability is found

By Habiba Rashid The 0-day vulnerability in WinRAR, which has been exploited, is targeting traders and has successfully stolen funds from 130 victims so far. This is a post from HackRead.com Read the original post: WinRAR users update your software as 0-day vulnerability is found...

6.9AI score
Exploits0
hivepro
hivepro
added 2023/08/25 8:16 a.m.53 views

WinRAR Zero-Day Exploit Targeting Traders Since April

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The zero-day vulnerability CVE-2023-38831 in WinRAR, allowing hackers to install malware through manipulated archives, exposing users to hidden malicious scripts and potential cyberattacks. To...

4.4CVSS6.3AI score0.97798EPSS
Exploits49
The Hacker News
The Hacker News
added 2023/08/24 11:12 a.m.82 views

WinRAR Security Flaw Exploited in Zero-Day Attacks to Target Traders

A recently patched security flaw in the popular WinRAR archiving software has been exploited as a zero-day since April 2023, new findings from Group-IB reveal. The vulnerability, cataloged as CVE-2023-38831, allows threat actors to spoof file extensions, thereby making it possible to launch...

6.9AI score0.97798EPSS
Exploits50
The Hacker News
The Hacker News
added 2023/06/09 1:37 p.m.7 views

Asylum Ambuscade: A Cybercrime Group with Espionage Ambitions

The threat actor known as Asylum Ambuscade has been observed straddling cybercrime and cyber espionage operations since at least early 2020. "It is a crimeware group that targets bank customers and cryptocurrency traders in various regions, including North America and Europe," ESET said in an...

9.3CVSS7AI score0.99374EPSS
Exploits62
The Hacker News
The Hacker News
added 2023/06/09 1:37 p.m.72 views

Asylum Ambuscade: A Cybercrime Group with Espionage Ambitions

The threat actor known as Asylum Ambuscade has been observed straddling cybercrime and cyber espionage operations since at least early 2020. "It is a crimeware group that targets bank customers and cryptocurrency traders in various regions, including North America and Europe," ESET said in an...

9.3CVSS6.8AI score0.99374EPSS
Exploits62
Code423n4
Code423n4
added 2023/06/08 12:0 a.m.4 views

Custom redemption can be used to get more than RToken value, when an upwards depeg occurs

Lines of code Vulnerability details Custom redemption allows to redeem RToken in exchange of a mix of previous baskets as long as it's not more than the prorata share of the redeemer. The assumption is that previous baskets aren't worth more than the target value of the basket. However, a previou...

6.7AI score
Exploits0
HackRead
HackRead
added 2023/05/25 12:36 p.m.11 views

How Cross-Chain DEXes are Democratizing the Crypto Market?

By Owais Sultan In this article, we will explore how cross-chain DEXes are revolutionizing the crypto market and levelling the playing field for traders of all backgrounds. This is a post from HackRead.com Read the original post: How Cross-Chain DEXes are Democratizing the Crypto Market?...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/02/20 12:0 a.m.11 views

SwingTraderManager.addSwingTrader() shouldn't push the traderId to activeTraders array if active = false.

Lines of code Vulnerability details Impact After adding an inactive trader using addSwingTrader, activeTraders array will contain an inactive trader. Furthermore, if the inactive trader is toggled to active using toggleTraderActive, activeTraders array will contain the trader twice and the main...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/02/19 12:0 a.m.10 views

SwingTraderManager.addSwingTrader will push traderId with active = false to activeTraders

Lines of code Vulnerability details Impact In SwingTraderManager.addSwingTrader, if active = false, the traderId is also pushed to activeTraders. function addSwingTrader uint256 traderId, address swingTrader, bool active, string calldata name external onlyRoleMaltADMINROLE, "Must have admin privs...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.9 views

Wrong update of stoploss in TradingExtension._limitClose()

Lines of code Vulnerability details Impact TradingExtension.limitClose returns a wrong stoploss which is favorable for users and it would be a significant loss for the protocol. Proof of Concept TradingExtension.limitClose is used to set takeprofit/stoploss prices for the pending order and execut...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/12 12:0 a.m.8 views

Protocol is not able to account for baseTokens generating yield

Lines of code Vulnerability details Impact The protocol's logic is based on the assumption that, while deposited, the underlying baseTokens will generate yield, which accrues to the Traders holding Collateral Tokens. However, there is no mechanism in Collateral.sol to allow it to account for this...

6.7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2022/11/14 12:43 p.m.8 views

satratraders.in Cross Site Scripting vulnerability OBB-3054690

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Rows per page
Query Builder