Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem

AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here's why your current stack can't see them, and what detection actually requires. Download the CISO Expert Guide to Typosquatting in the AI Era → TL;DR Typosquatting is no longer a use...

CVE-2025-66692

A buffer over-read in the PublicKey::verify method of Binance - Trust Wallet Core before commit 5668c67 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-66692

A buffer over-read in the PublicKey::verify method of Binance - Trust Wallet Core before commit 5668c67 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-66692

A buffer over-read in the PublicKey::verify method of Binance - Trust Wallet Core before commit 5668c67 allows attackers to cause a Denial of Service DoS via a crafted input...

Buffer Over-read

Overview @trustwallet/wallet-core is a mobile-focused library implementing low-level cryptographic wallet functionality for a high number of blockchains Affected versions of this package are vulnerable to Buffer Over-read via the verify function. An attacker can cause the application to crash or...

CVE-2025-66692

A buffer over-read in the PublicKey::verify method of Binance - Trust Wallet Core before commit 5668c67 allows attackers to cause a Denial of Service DoS via a crafted input...

PT-2026-3650

A buffer over-read in the PublicKey::verify method of Binance - Trust Wallet Core before commit 5668c67 allows attackers to cause a Denial of Service DoS via a crafted input...

Trust Wallet Core security vulnerability

Trust Wallet Core is an open-source, cross-platform, mobile-centric library developed by Trust Wallet. Versions of Trust Wallet Core prior to 5668c67 contained a security vulnerability. This vulnerability stemmed from an excessive buffer read in the PublicKey::verify method, which could lead to...

CVE-2025-66692

CVE-2025-66692 affects Binance - Trust Wallet Core. A buffer over-read in PublicKey::verify() prior to commit 5668c67 enables DoS via crafted input. Affected: Trust Wallet Core library; root cause: buffer over-read in verify(). Remediation: upgrade wallet-core to 4.4.0+ (e.g., 4.4.0 or newer). Ex...

CVE-2025-66692

A buffer over-read in the PublicKey::verify method of Binance - Trust Wallet Core before commit 5668c67 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2025-66692

A buffer over-read in the PublicKey::verify method of Binance - Trust Wallet Core before commit 5668c67 allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2023-31290

Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March 2023. This occurs because the mt19937 Mersenne Twister takes a single 32-bit value as an input...

Snipping the Long Tail of Shai-Hulud 2.0

Wiz Research reveals the data behind Shai-Hulud's 2.0 long tail, the massive gap in cloud credential rotation, a potential link to the Trust Wallet incident, and how we finally "snipped the tail" on a month of ongoing infections...

Trust Wallet Chrome Extension Breach Caused $7 Million Crypto Loss via Malicious Code

Trust Wallet is urging users to update its Google Chrome extension to the latest version following what it described as a "security incident" that led to the loss of approximately $7 million. The issue, the multi‑chain, non‑custodial cryptocurrency wallet service said, impacts version 2.68. The...

EUVD-2025-19667

Malicious code in bioql PyPI...

EUVD-2023-35601

Malicious code in bioql PyPI...

RatOn Android Malware Detected With NFC Relay and ATS Banking Fraud Capabilities

A new Android malware called RatOn has evolved from a basic tool capable of conducting Near Field Communication NFC relay attacks to a sophisticated remote access trojan with Automated Transfer System ATS capabilities to conduct device fraud. "RatOn merges traditional overlay attacks with automat...

CVE-2025-52294

Insufficient validation of the screen lock mechanism in Trust Wallet v8.45 allows physically proximate attackers to bypass the lock screen and view the wallet balance...

CVE-2025-52294

Insufficient validation of the screen lock mechanism in Trust Wallet v8.45 allows physically proximate attackers to bypass the lock screen and view the wallet balance...

Trust Wallet 安全漏洞

Trust Wallet is a cryptocurrency wallet from Trust Wallet, Inc. A security vulnerability exists in Trust Wallet version v8.45, which stems from insufficient validation of the screen locking mechanism and could lead to bypassing the lock screen to view the wallet balance...