Experts Uncover Campaign Stealing Cryptocurrency from Android and iPhone Users

Researchers have blown the lid off a sophisticated malicious scheme primarily targeting Chinese users via copycat apps on Android and iOS that mimic legitimate digital wallet services to siphon cryptocurrency funds. "These malicious apps were able to steal victims' secret seed phrases by...

External XML Entity (XXE) Attacks

ignite-core is vulnerable external XML entity XXE attacks. The update notifier component sends sensitive system data over an unsecured HTTP connection. Since TLS is not used man-in-the-middle MitM attacks also possible. Attackers can alter the response coming from the server the information is se...