Gravity Bridge Security Incident
DeFi / Crypto - $5.4 million gone from Gravity Bridge after an attacker minted worthless tokens on Osmosis, poisoned the token registry with a fabricated denom string, and walked out with real assets.…
Dxsale Security Incident
DeFi / Crypto - A 2021 DxSale locker, an unprotected admin key, $7.3 million gone. Decurity flagged the risk in 2023 for $500. Two compromised contracts holding $15.5 million remains untouched, for no…
Newmarkettrading
New Market Trading - RektThursday, May 28, 2026New Market Trading - Access Control Failure - Rekt $3.98 million drained from 88 Gnosis Safes across Ethereum, Base, and Arbitrum in under two hours, Not…
Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts
The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions be…
Thorchain Rekt3
THORChain - Rekt IIIThursday, May 21, 2026THORChain - Rekt Three exploits in five years. Toss in a $200 million insolvency crisis. Sprinkle $1.2 billion in North Korean laundering on top. The relation…
Trustedvolumes Security Incident
TrustedVolumes - RektThursday, May 14, 2026TrustedVolumes - Authorization Failure - Rekt $5.87 million, one transaction, four assets drained before most of the security firms had finished typing their…
Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks
Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and …
Lawmakers Demand Answers as CISA Tries to Contain Data Leak
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor inten…
Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada
Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use…
CISA Admin Leaked AWS GovCloud Keys on Github
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS …
CVE Pending: SIGSEGV in oggenc 1.4.3 (vorbis-tools) via Crafted WAV File
A crafted WAV file triggers a null pointer dereference / segmentation fault (SIGSEGV) in oggenc 1.4.3, crashing the encoder unconditionally. No user interaction beyond passing the file to oggenc is required.
CVE: Unhandled IEEE754 Special Values in Wings3D 2.4.1 OBJ Parser
A crafted Wavefront OBJ file containing IEEE754 special float values causes Wings3D to crash immediately on import. Root cause: unhandled function_clause exception in the Erlang OBJ parser.
CVE: Uncontrolled Resource Consumption in Scribus 1.6.5
A crafted .sla project file with extreme numeric geometry values causes Scribus to enter an infinite loop during layout containment checking, consuming 99% CPU and triggering a system-wide memory pressure cascade.
CVE: Unsigned Firmware Update in Actions Semiconductor Platform
The firmware update tool performs zero cryptographic verification before flashing firmware over USB. An attacker with physical access can permanently compromise any affected device. Covers 12 USB Product IDs across multiple consumer brands.