Security
Headlines
HeadlinesLatestCVEs

Tag

#git

GHSA-4rmq-mc2c-r495: Babylon Incorrect FP inactive accounting in costaking creates “phantom stake” that earns rewards after BTC unbond

### Summary A state consistency bug in `x/costaking` can leave a BTC delegator with non-zero `ActiveSatoshis` (Phatom Stake) even after they have fully unbonded their BTC delegation, if their Finality Provider (FP) drops out of the active set in the exact same babylon block height. This creates a “phantom stake”: the delegator’s BTC capital is withdrawn, the FP is inactive, but costaking continues to treat the delegation as active BTC stake allowing ongoing rewards accrual without backing BTC. ### Impact An address can keep earning costaking rewards with zero BTC staked. Reported by @BottyBott.

ghsa
Open in Source
#git
Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading

The threat actor known as Storm-0249 is likely shifting from its role as an initial access broker to adopt a combination of more advanced tactics like domain spoofing, DLL side-loading, and fileless PowerShell execution to facilitate ransomware attacks. "These methods allow them to bypass defenses, infiltrate networks, maintain persistence, and operate undetected, raising serious concerns for

Prompt injection is a problem that may never be fixed, warns NCSC

The NCSC warns that prompt injection is unlikely to be mitigated in the same way SQL injection was. How do they compare?

SimpleX Chat X Account Hacked, Fake Site Promotes Crypto Wallet Scam

SimpleX Chat’s X account hacked to promote fake crypto site urging users to connect wallets. Site mimicked official design to steal funds.

EU fines X $140m, tied to verification rules that make impostor scams easier

The core problem persists: anyone can still buy a 'verified' checkmark from X, so don't take their authenticity for granted.

Deepfakes, AI resumes, and the growing threat of fake applicants

Attackers are blending automation, impersonation, and social engineering to get inside organizations. Here’s how to spot the signs.

New BYOVD loader behind DeadLock ransomware attack

Cisco Talos has uncovered a new DeadLock ransomware campaign using a previously unknown BYOVD loader to exploit a Baidu Antivirus driver vulnerability, letting threat actors disable EDR defenses and escalate attacks.

STAC6565 Targets Canada in 80% of Attacks as Gold Blade Deploys QWCrypt Ransomware

Canadian organizations have emerged as the focus of a targeted cyber campaign orchestrated by a threat activity cluster known as STAC6565. Cybersecurity company Sophos said it investigated almost 40 intrusions linked to the threat actor between February 2024 and August 2025. The campaign is assessed with high confidence to share overlaps with a hacking group known as Gold Blade, which is also

Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data

Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code (VS Code) Marketplace that are designed to infect developer machines with stealer malware. The VS Code extensions masquerade as a premium dark theme and an artificial intelligence (AI)-powered coding assistant, but, in actuality, harbor covert functionality to download additional payloads, take

CVE-2025-64671: GitHub Copilot for Jetbrains Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to execute code locally.