Booleanaire
@0xbool
Shokunin at @KahuLabs_ , Security Researcher, Dog Father
We announced the Critical Research Lab this week. And for our FIRST post, we got @J0R1AN's: - Exploiting Web Worker XSS with Blobs Go check it out! lab.ctbb.show/research/Explo…
lab.ctbb.show
Exploiting Web Worker XSS with Blobs
Ways to turn XSS in a Web Worker into full XSS, covering known tricks and a new generic exploit using Blob URLs with the Drag and Drop API
The @GoogleVRP blog has this amazing table. It's perfect for understanding some security boundaries and defenses and a good checklist to use for testing targets. bughunters.google.com/blog/664431627…
Key Events This Week: 1. August Retail Sales data - Tuesday 2. Fed Interest Rate Decision - Wednesday 3. FOMC Press Conference - Wednesday 4. Fed Dot-Plot Projections - Wednesday 5. Philadelphia Fed Manufacturing Index - Thursday 6. Initial Jobless Claims data - Thursday…
A next-generation HTTP stealth proxy which perfectly cloaks requests as the Chrome browser across all layers of the stack. github.com/mandatoryprogr…
Federal government employment is plummeting: Federal jobs have declined -94,000 since December 2024, to 2.92 million, the lowest since May 2023. This marks the biggest 8-month drop since the 1950s. Back in 1953, federal government employment fell by -160,000 as the economy…
BREAKING: Oracle, $ORCL, founder Larry Ellison gains +$107 billion in net worth today, making him the richest person in the world, worth $400 billion. Oracle's stock is now up +43% on the day.
Nasdaq has market cap around 53 bill. Hype fdv is around this. Still largely undervalued given the potential
if someone pencils in 250bps instead of 25bps (or 25% if you are Matt Yglesias) does Powell just let it fly or does he declare a clerical error?
Why Rate Cuts Often Signal Trouble Ahead 🧵 (not saying that’s the case now, just providing historical context for the uninformed) 1/ When the Fed cuts rates, markets often cheer. But history shows that cuts usually come after the economy is already weakening – and they often…
Metaplanet has finalized its international offering, upsized from 180M underwritten to 385M shares. Total raise: JPY 205B (~USD 1.4B). More Bitcoin purchases incoming.
*Notice Regarding Determination of Issue Price and Other Matters*
BOOM: Payrolls revision -911K, biggest on record!
A large-scale supply chain attack just hit the JS ecosystem. Package maintainers were targeted with a 2FA reset email from `npmjs.help`. It also (unsuccessfully) targeted @vercel employees. Read up on how we analyzed its impact and protected our customers.
Security update: On Sep 8, a supply chain attack compromised 18 high-profile npm packages (2B+ weekly downloads). Here are the steps we took to analyze the attack’s impact and protect our customers. vercel.com/blog/critical-…
Bitmine (@BitMNR) has further received 8,001 $ETH, worth $34.41M, from #Galaxy Digital. intel.arkm.com/explorer/entit…
According to @zachxbt, SwissBorg (@swissborg) was exploited for 192,623 $SOL ($41.1M). Later moved 2,100 $SOL ($451K) to a new address and deposited 100 $SOL into a #BitGet tagged address, on @nansen_ai. solscan.io/account/TYFWG3…
Lol
🚨 JUST IN: Lion Group Holding Ltd. is converting its $SOL and $SUI holdings into Hyperliquid ($HYPE).
The Blockstream app does not use JavaScript or NPM. The Blockstream app and Blockstream Jade are unaffected by the ongoing NPM JavaScript supply chain attack. As always, verify your send and receive addresses.
Blockstream Jade is unaffected by the NPM supply chain attack targeting JavaScript packages. Always confirm the exact send and receive address on your Jade screen before approving any transaction to avoid risks from address-swapping malware. Don't Trust. Verify.
There has been a total of $159 stolen so far in the NPM supply chain attack. These coins were sent to addresses tagged in the original write-up shared by Ledger’s CTO.
made a @arkham entity with all the attacker EVM wallets to track. intel.arkm.com/explorer/entit…
Other projects should also do this and publicly announce their security strength like @aave
After reviewing our dependencies, we can confirm that app.aave.com is NOT affected by the recently publicized NPM package supply chain attack. No action is required from users.
we are all operating far outside our design parameters - like a chipmunk duct taped to the front of a freight train - sure we can be scared, but wouldn't it be more badass to just spare a moment and take in the thrill of it all?