Malicious code in npmjs_web3-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b691e4c1a13cf8174fdf8653d757594f18057650310bc89e376caa806602d3b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Exploit for Server-Side Request Forgery in Apeworx Web3.Py

CVE-2026-40072 SSRF Lab Hands-on local lab to demonstrate CVE...

Malicious code in @web-3d-tool/sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a1e96a726cf0732113215b2026a7a59fc6bf471f86d34153fea3a0e32b275fb5 @web-3d-tool/sdk is a near-empty package trivial 35-byte index.js, empty author/description metadata whose only effect on install is to pull in a...

MAL-2026-4248 Malicious code in solna-web3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6076f4236301f997d420c7daba9b12c035fe2866fa9fa42f59be230b5e90350a Package name 'solna-web3' is a one-character typosquat of the popular '@solana/web3.js' drops the 'a' from 'solana'. The package's only real...

Bridging the Cybersecurity Gap between Web2 and Web3 - an Incident-Based Analysis of Organizational and Application-Level Security Failures

The rapid adoption of Web3 infrastructures has led to a growing number of security incidents affecting cryptocurrency exchanges, custody services and blockchain-based platforms. While existing research predominantly focuses on vulnerabilities in smart contracts and blockchain protocols, a...

web3.py: SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling

Summary web3.py implements CCIP Read / OffchainLookup EIP-3668 by performing HTTP requests to URLs supplied by smart contracts in offchainlookuppayload"urls". The implementation uses these contract-supplied URLs directly after sender / data template substitution without any destination validation...

AI Future: The Leading International AI and Web3 Forum to Take Place in April

Moscow, Russia, 3rd April 2026, CyberNewswire...

Gaming Clans Become Growth Engine for Playnance Ecosystem

Playnance partners with KGeN, connecting its Web3 gaming ecosystem to 53M gamers and 30K clans through community-driven platforms...

OWASP Smart Contract Top 10

The OWASP Smart Contract Top 10: 2026 is a standard awareness document that aims to provide Web3 developers and security teams with insights into the top 10 vulnerabilities found in smart contracts. It is a sub‑project of the broader OWASP Smart Contract Security OWASP SCS initiative. It serves a...

Researchers Expose GhostCall and GhostHire: BlueNoroff's New Malware Chains

Threat actors tied to North Korea have been observed targeting the Web3 and blockchain sectors as part of twin campaigns tracked as GhostCall and GhostHire. According to Kaspersky, the campaigns are part of a broader operation called SnatchCrypto that has been underway since at least 2017. The...

003-gas-convert (=1.0.1), 0x-hunter-core (>=1.0.0 <=1.0.1-5) +6604 more potentially affected by CVE-2025-57330 via web3-core-subscriptions (>=1.0.0-beta.27 <=3.0.0-rc.5)

web3-core-subscriptions NPM version =1.0.0-beta.27, =1.0.0, =0.0.3, =0.0.3, =0.0.31, =1.1.0, =0.9.9, =0.1.0, =0.1.1 - 55tools-block =1.0.0 - 55tools-block-ext =1.0.0 - 84447xe5t8 =1.0.0 and more Source cves: CVE-2025-57330 Source advisory: SNYK:JS-WEB3CORESUBSCRIPTIONS-13110022...

Embedded Malicious Code

Overview color-string is a Parser and generator for CSS color strings Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicio...

Dynamic Spectrum Sharing Based on the Rentable NFT Standard ERC4907

Centralized Dynamic Spectrum Sharing DSS faces challenges like data security, high management costs, and limited scalability. To address these issues, a blockchain-based DSS scheme has been proposed in this paper. First, we utilize the ERC4907 standard to mint Non-Fungible Spectrum Tokens NFSTs...

VApps: Verifiable Applications at Internet Scale

Blockchain technology promises a decentralized, trustless, and interoperable infrastructure. However, widespread adoption remains hindered by issues such as limited scalability, high transaction costs, and the complexity of maintaining coherent verification logic across different blockchain layer...

PT-2023-31463 · Unknown · Foundation

Name of the Vulnerable Software and Affected Versions: Foundation platform version 1.0 Description: The issue allows a remote attacker to obtain sensitive information via the Web3 authentication process of Foundation. The signed message lacks a nonce, which is a random number. This flaw may expos...