37 matches found
Malicious code in traders-platform-library (npm)
The package traders-platform-library was found to contain malicious code...
MAL-2025-37133 Malicious code in traders-platform-library (npm)
The package traders-platform-library was found to contain malicious code...
Water Hydra Exploits CVE-2024-21412 to Target Financial Traders
Summary: Water Hydra exploited CVE-2024-21412 to bypass Microsoft Defender SmartScreen, targeting financial traders with DarkMe malware through sophisticated spearphishing tactics. This underscores the persistent threat of APT groups and highlights the challenge of defending against evolving atta...
DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability
A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra aka DarkCasino targeting financial market traders. Trend Micro, which began tracking the campaign in late December 2023, said it entails...
CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day
The APT group Water Hydra has been exploiting the Microsoft Defender SmartScreen vulnerability CVE-2024-21412 in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative...
CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day
The APT group Water Hydra has been exploiting the zero-day Microsoft Defender SmartScreen vulnerability CVE-2024-21412 in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day...
tradersparisbourse.fr Cross Site Scripting vulnerability OBB-3841758
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
InsideBitcoins Review – Best Platform To Catch Up on Crypto News?
By Owais Sultan The volatile state the crypto market is in has made it a requirement for investors and traders to… This is a post from HackRead.com Read the original post: InsideBitcoins Review - Best Platform To Catch Up on Crypto News?...
WinRAR users update your software as 0-day vulnerability is found
By Habiba Rashid The 0-day vulnerability in WinRAR, which has been exploited, is targeting traders and has successfully stolen funds from 130 victims so far. This is a post from HackRead.com Read the original post: WinRAR users update your software as 0-day vulnerability is found...
WinRAR Zero-Day Exploit Targeting Traders Since April
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The zero-day vulnerability CVE-2023-38831 in WinRAR, allowing hackers to install malware through manipulated archives, exposing users to hidden malicious scripts and potential cyberattacks. To...
WinRAR Security Flaw Exploited in Zero-Day Attacks to Target Traders
A recently patched security flaw in the popular WinRAR archiving software has been exploited as a zero-day since April 2023, new findings from Group-IB reveal. The vulnerability, cataloged as CVE-2023-38831, allows threat actors to spoof file extensions, thereby making it possible to launch...
Asylum Ambuscade: A Cybercrime Group with Espionage Ambitions
The threat actor known as Asylum Ambuscade has been observed straddling cybercrime and cyber espionage operations since at least early 2020. "It is a crimeware group that targets bank customers and cryptocurrency traders in various regions, including North America and Europe," ESET said in an...
Asylum Ambuscade: A Cybercrime Group with Espionage Ambitions
The threat actor known as Asylum Ambuscade has been observed straddling cybercrime and cyber espionage operations since at least early 2020. "It is a crimeware group that targets bank customers and cryptocurrency traders in various regions, including North America and Europe," ESET said in an...
Custom redemption can be used to get more than RToken value, when an upwards depeg occurs
Lines of code Vulnerability details Custom redemption allows to redeem RToken in exchange of a mix of previous baskets as long as it's not more than the prorata share of the redeemer. The assumption is that previous baskets aren't worth more than the target value of the basket. However, a previou...
How Cross-Chain DEXes are Democratizing the Crypto Market?
By Owais Sultan In this article, we will explore how cross-chain DEXes are revolutionizing the crypto market and levelling the playing field for traders of all backgrounds. This is a post from HackRead.com Read the original post: How Cross-Chain DEXes are Democratizing the Crypto Market?...
SwingTraderManager.addSwingTrader() shouldn't push the traderId to activeTraders array if active = false.
Lines of code Vulnerability details Impact After adding an inactive trader using addSwingTrader, activeTraders array will contain an inactive trader. Furthermore, if the inactive trader is toggled to active using toggleTraderActive, activeTraders array will contain the trader twice and the main...
SwingTraderManager.addSwingTrader will push traderId with active = false to activeTraders
Lines of code Vulnerability details Impact In SwingTraderManager.addSwingTrader, if active = false, the traderId is also pushed to activeTraders. function addSwingTrader uint256 traderId, address swingTrader, bool active, string calldata name external onlyRoleMaltADMINROLE, "Must have admin privs...
Wrong update of stoploss in TradingExtension._limitClose()
Lines of code Vulnerability details Impact TradingExtension.limitClose returns a wrong stoploss which is favorable for users and it would be a significant loss for the protocol. Proof of Concept TradingExtension.limitClose is used to set takeprofit/stoploss prices for the pending order and execut...
Protocol is not able to account for baseTokens generating yield
Lines of code Vulnerability details Impact The protocol's logic is based on the assumption that, while deposited, the underlying baseTokens will generate yield, which accrues to the Traders holding Collateral Tokens. However, there is no mechanism in Collateral.sol to allow it to account for this...
satratraders.in Cross Site Scripting vulnerability OBB-3054690
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...