
Search results related to "Attackers"

Content containing "Attackers"
Palo Alto Networks says attackers are actively exploiting a GlobalProtect VPN vulnerability known as CVE-2026-0257. The bug affects certain GlobalProtect portal and gateway setups and lets attackers connect to a VPN without the usual login and authentication checks. Since GlobalProtect is typically exposed to the internet, a successful attack could give cybercriminals access to an organization’s internal network. Security researchers have already observed real-world attacks targeting vulnerable systems. If your organization uses GlobalProtect, check whether you are affected and install the latest security updates. Palo Alto Networks has released fixes for supported PAN-OS versions and urges customers to update as soon as possible. Security teams should also monitor VPN logs and investigate any unusual login activity or unexpected VPN connections.
Microsoft and security researcher Nightmare Eclipse are in a public fight over how security flaws should be handled. Over recent weeks, Nightmare Eclipse posted working exploit code online for several serious Windows bugs before Microsoft released fixes. The flaws affect major Windows security features like Microsoft Defender and BitLocker. The researcher says they first reported the problems privately but claims Microsoft ignored the reports, delayed responses, and shut down their bug reporting account. They then published the details and proof-of-concept code publicly. On May 27, Microsoft responded in a blog post, saying that releasing exploit code before patches are ready puts users at risk because attackers can immediately use it. Microsoft also warned it would continue legal action against those enabling cybercrime like Eclipse. Nightmare Eclipse argues they went public because of slow fixes and poor treatment from Microsoft in the past.
🚨SlowMist TI Alert🚨
💸 Loss: 62.5 BNB & 1,195,918.92 JOE
🔍 Root Cause: Single-function reentrancy in `_removeLiquidityViaContract` – BNB sent via low-level `call` before updating `lpInfo[user].lpAmount`, allowing recursive calls.
📌 Attacker EOA: 0xaa761779945dcc5f26064fc6dcb36ffab6ac7610
📌 Attacker Contract: 0x31f81fcd91025728f24bd6f0e4efb156e345a4cf
📌 Vulnerable Proxy: 0xef0f12d08d66e76e1866e60f30a0daa578e00c04
📌 Vulnerable Implementation: 0xb12ce0a21f67a9fc3c8ad1c7dbc4b017b7e67319
Attackers exploited the delayed state write to repeatedly withdraw liquidity, netting 62.5 BNB and ~1.196M JOE via 25 reentrancy loops.
Powered by #SlowMist#.AI
Microsoft Defender can now automatically isolate compromised devices during a cyberattack, helping security teams stop threats faster without manual intervention. If Defender detects a compromised device, it cuts the device off from the network automatically while still allowing remote investigation and remediation. This prevents attackers from spreading across the network, stealing data, or deploying ransomware. The new feature is part of Microsoft’s focus on automated threat response in Defender XDR. Security tools now take real-time action beyond detection and alerts to limit damage:
>Automatically isolates compromised devices
>Helps stop ransomware and lateral movement
>Security teams retain remote access for investigation
>Currently available as a preview in Microsoft Defender for Endpoint
PSA: I now consider *all* of DeFi unsafe. Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds.
Some of my perspective on where the @ethereumfndn is going. First of all, this is only my own view. The board is not just me, and I have no extra special powers on the board that the other board members do not. @aerugoettinea is the one executing much of this transition. My input has been largely on technical questions. The board is in the process of expanding, and my own power within the org will continue to decrease, which is honestly what I want. The 2025 era brought many important improvements to EF and its ability to execute. Many issues were resolved, and EF continues to benefit from its improved efficiency and greater focus on concrete goals to this day. And so with those problems resolved, early this year, the largest remaining hole that I perceived was something different nagging at me: I would regularly spot people saying things like "vitalik says these beautiful things about ethereum needing to be decentralized, and have privacy, and be a sanctuary technology, but why do the EF's actions not reflect that?" Now, you may have been hearing something different. You may not have been sensing a feeling of crisis at all, and maybe were hearing people saying that finally we were taking execution and BD seriously and the main task for us is to keep going that way and be even better and faster. Then probably there is genuine difference between you and me, in what kinds of criticism I take most seriously, and what kinds of critics through their criticism are most able to make me feel pain. As an analogy, let's briefly switch over to a different domain. One belief you can have about Google is that it is a success story, and has brought a lot of good to humanity in organizing the world's information. Another belief you can have about Google is that they had a beautiful idealistic beginning, but at some point the corruption of mainstream corporate attitudes seeped in, and they slowly bit by bit completely abandoned the "don't be evil" slogan. 
My belief on Google specifically is probably somewhere between the two. BUT, if you had taken me back in time to ~2008, and offered me a button to press to make Google one or two standard deviations more "dogmatic", eg. give Richard Stallman permanent veto power over some key policies, I would immediately press it. Why? Because a choice for one company is not a choice for the world, or even one country. Google existed and exists in the context of a technology industry generally drifting away from early idealistic don't-be-evil roots and toward greed for financial gain, totalizing visions of accelerated superintelligence, infiltration by sociopaths, and craven capitulation to (or worse, active participation in) government pressure for ideological control, surveillance and war. And so *one company* doing something different, positioning itself to be what George Bernard Shaw calls the Unreasonable Man, resisting the trend of the times, would have been better for freedom, balance of power and stability of society as a whole, than *all* large companies bending to dominant trends. This is a part of my version of pluralism. This line of thinking is not just mine, but also is not too far off from what Aya and others had in mind with the Mandate. Now how does this all get to the role of the EF? EF is not a "center of Ethereum", rather EF is "one node, with a defined purpose, alongside other nodes". We've always said that the EF should be the latter, but many in the Ethereum ecosystem (and even within the EF) wanted us to be the former. Now, we are taking action to ensure that we will be the latter. This is particularly important because EF is a limited organization, with limited resources and limited organizational capacity. The EF has only ~0.16% of all ETH (less than many other individual ETH holders), whereas among other blockchains it's common for "the central foundation" to have 10-50%. 
Fiscally, the EF was originally designed to fulfill a limited work scope defined in the token sale docs and other pre-launch materials (building the chain software; getting through Frontier, Homestead, Metropolis, Serenity), which was fully completed in 2022; it was not designed to be an eternal steward. And so today, the EF is choosing to use its remaining resources to pursue longevity over breadth (yes, this means we sell less ETH). The EF focuses *specifically* on those activities critical to the success of ethereum as a censorship/capture-resistant, open, private and secure system, that would not happen otherwise. This means making hard choices, and in some cases even activities that we highly approve of and people that we highly respect becoming outside of the EF. People of great technical talent, public respect and even alignment with the mission and CROPS being outside of the EF is in fact necessary if we want important tasks to be able to attract outside capital. This also means the EF taking opinionated stands culturally. This is all intended in cooperation with all other parts of ethereum. We recognize that many other parts of the ethereum world highly respect CROPS and related values. But highly respecting is not the same as choosing to specialize and totally dedicate to a domain (Compare in a different domain: I think reducing animal cruelty is important, and I like vegan food, but am not full unconditional vegan myself) EF is still in a transition period, and we expect its new long-term form to stabilize over the next few months. What are the guiding principles of this new form? Again, I am only one person, but I can give my answer from a technical perspective (there are also critical non-technical aspects). At the core, *Ethereum must be impressive*. We are living in an age of highly intelligent AI and all kinds of other technological acceleration. 
"Status quo EVM, with a hard fork or two a year to optimize for short-term needs of users" is not interesting. To some, "impressive" means: 250ms latency and 1M TPS. I think Ethereum trying to go that route is a mistake. Being as fast and as scalable as possible, and only a small epsilon more decentralized than the others, is a route to mediocrity, and if we try it we will lose. I think Ethereum should scale. But I think Ethereum should strive the hardest to be deeply impressive in a different dimension: the CROPS dimension. This means things like:
* Provably bug-free Ethereum. This is a goal that all cybersecurity researchers would have thought is absurd and impossible, up until roughly 6 months ago. Now, it's on the cusp of being possible, thanks to AI-assisted formal verification. So we should be frontrunners in doing this.
* Available chain consensus. Ethereum is, and with lean consensus will continue to be, the ONLY chain that has both (i) traditional-BFT style properties that it's safe under asynchrony up to a high level of fault tolerance, and (ii) the bitcoin PoW-style property that under synchrony it's safe up to 49% attackers. As far as I can tell, literally no other chain has this or is planning for it; bitcoin goes for (ii) only and most other chains go for (i) only. Some will remember I fought hard for this, Unreasonably insisting that it is not OK for ethereum to rely on social consensus and hard forks to rescue ethereum from 34% of nodes going offline. It's OK for chains like hyperledger, bnb, solana, tempo, etc. It's not OK for bitcoin or ethereum or eg. zcash.
* Intermediary minimization. The fact that smart contract wallets, protocols like railgun, etc have to send transactions through intermediaries to get included onchain is honestly embarrassing, and it's a constant point of fragility. 
Hence the work on FOCIL and EIP-8141 (and 7701 and years of work before) to make transaction sending intermediary-minimized with public mempool and strong inclusion properties, in a truly general-purpose way, that covers not just eg. secp256r1, but also privacy protocols and much more. Kohaku is pushing intermediary minimization at the user layer, pulling Ethereum away from the dystopian status quo world where our wallets don't even verify the chain, send our private data out to a dozen third-party servers, and toward a brighter CROPS future. Some of these goals are Unreasonable - maybe Ethereum would be "fine" getting only 50% of the way - what if we depend on intermediaries, but make it easy to switch? But going 50% of the way would not make Ethereum Deeply Impressive in the CROPS way. So we push for 100%. Fortunately all these goals are compatible with high TPS, this is a major focus of research (esp. on scaling the state). Well-designed L2s can also help, especially L2s optimized for specific applications (eg. high-volume trading, privacy...). These goals are even compatible with significantly lower slot times, thanks to Raul's work on erasure-coded P2P, and many other optimizations. The most high-value "product" of the ethereum blockchain, financially speaking, is ETH the asset. Ethereum secures $250 billion of ETH. The types of properties of Ethereum that I mentioned above are very good for ETH the asset. Nearly 90% of my net worth is in ETH, and most of the remainder is ~$40m of onchain fiat of which every dollar has already been allocated for some open-source biotech or software or hardware initiative. That said, there are aspects of supporting ETH the asset - *necessary* aspects even - that are outside the scope of the EF. This is where we need other heroes (some of whom hold more ETH than the EF does) to step in and help. EF has been recently thinking more about how it will relate to other such organizations, and give them needed initial support. 
EF will be a smaller ship than in previous years, a more opinionated one - in some cases more opinionated in ways that might be difficult to comprehend - but a longer-lasting one, and one suited to making sure that ethereum brings something meaningful to the world. We are grateful to all those inside and outside the EF who are helping to make this happen.
'The words hit like a rock in the face' Our exclusive interview with a teenage rape victim and her family, whose attackers were spared jail this week
Google has published exploit code for a security problem in Chromium, the engine used by browsers like Google Chrome, Microsoft Edge, Brave, and Opera. The problem is linked to the Fetch API feature, which helps websites handle background internet requests. Security researchers say hackers could misuse it to keep hidden connections active in a user’s browser, allowing attackers to send large amounts of traffic to websites or build browser-based botnets. What makes the situation especially concerning is that some browser sessions may continue maintaining these connections even after the browser or device has been restarted. Reports also indicate the vulnerability had been known internally for more than two years before proof-of-concept exploit code became public.
NVIDIA has released new updates for its RTX and GTX graphics cards that fix 15 security issues on Windows and Linux computers. The most serious problem is CVE-2026-24187, which affects Linux systems and could let attackers take control of your computer. It affects RTX 50, 40, 30, and 20 series cards, plus GTX 16, 10, 900, and some GTX 700 cards.
>Windows users with newer cards should install version 596.36 or higher.
>Users with GTX 10, 900, or older GTX 700 cards should use version 582.53.
>Linux users should get the latest fixed drivers from NVIDIA.
🚨 MistEye TI Alert 🚨
Based on recent intelligence, multiple high-frequency npm packages, including AntV and Echarts-for-react, as well as the durabletask Python SDK, have been compromised by Mini Shai-Hulud supply chain attacks. Notably:
1. May 19, 2026: The npm account atool (i@hust.cc) was compromised, allowing attackers to automatically publish 637 malicious versions across 317 packages within 22 minutes.
2. May 20, 2026 (Beijing Time): Within 35 minutes, attackers consecutively uploaded durabletask versions 1.4.1, 1.4.2, and 1.4.3 at 00:19, 00:49, and 00:54, bypassing normal release controls and impersonating official Microsoft releases.
Additionally, these two events—the large-scale GitHub token leaks (potentially exposing official repositories) and the Grafana Labs targeted ransom attack—are likely related to the Mini Shai-Hulud supply chain compromise:
• GitHub token leaks: Evidence suggests some leaked tokens may have been used to access and potentially sell official GitHub repositories. The leaks were caused by a compromised employee device, which involved a polluted VS Code extension.
• Grafana Labs attack (May 16, 2026): A cybercrime group gained unauthorized access to their GitHub repositories, downloaded the codebase, and issued a ransom demand under threat of data disclosure.
Affected Components / Targets:
• npm packages: AntV, Echarts-for-react, and other high-frequency components in the npm ecosystem.
• Python packages: durabletask 1.4.1, 1.4.2, 1.4.3.
• Developer credentials and secrets: GitHub PATs, npm Tokens, AWS Keys, Kubernetes Secrets, Vault Tokens, SSH keys, and over 90 types of local sensitive files.
• GitHub repositories: internal codebases potentially accessible via leaked tokens.
• Grafana Labs’ repositories (downloaded by attackers; ransom demanded).
Potential Attacker Actions:
• Immediate exfiltration of cloud and local credentials upon package installation or import.
• Unauthorized access to internal repositories and sensitive cloud infrastructure.
• Lateral movement across developer machines, CI/CD pipelines, and cloud workloads.
• Sale and exploitation of leaked GitHub tokens.
• Supply chain compromise affecting dependent projects and production systems.
• Ransom demands and potential data disclosure threats against organizations, including open source platforms.
Detection Methods:
• Audit npm and PyPI dependencies for affected packages:
  • npm: npm ls --all
  • Python: pip list --outdated or pip show durabletask to confirm versions.
• Inspect lockfiles (package-lock.json, yarn.lock, pnpm-lock.yaml, requirements.txt, pipfile.lock) for malicious versions.
• Review CI/CD pipelines and deployment logs for installation of compromised packages.
• Monitor GitHub and cloud activity for unusual authentication events, including signs of leaked token usage.
Mitigation Measures:
• Immediately rotate all exposed GitHub, npm, PyPI, and cloud credentials.
• Replace affected npm/PyPI packages with verified safe versions or freeze dependency versions.
• Isolate potentially compromised systems and audit for credential theft or lateral movement.
• Apply security patches and review post-compromise artifacts in CI/CD pipelines.
Additional Recommendations:
• Enable real-time monitoring and alerting for suspicious token or key usage.
• Implement stricter dependency review policies and supply chain risk checks.
• Educate teams to verify package authenticity before installation.
• Monitor dark web or underground marketplaces for leaked credentials related to your organization.
SlowMist will continue to track and monitor developments related to this incident, including potential new malicious releases or related exploits. MistEye has already pushed relevant threat intelligence to clients to help them proactively assess and mitigate risks.