h0wl (@h0wlu)'s Twitter Profile
h0wl

@h0wlu

🛡️@redteampl Co-founder
🦉@BlackOwlSec Founder
🧜‍♀️@WarConPL Co-founder
👨‍🔬Fuzzing
🕵️Web2 & Web3 Security
🪽Angel Investor

ID: 585633925

Link: https://overflow.pl
Date: 20-05-2012 12:31:30

2,2K Tweet

4,4K Followers

1,1K Following

h0wl (@h0wlu):

Most likely would be downgraded to medium or low due to unlikely scenario, requiring interaction etc. so nah not an easy 4k 😂

sudo rm -rf --no-preserve-root / (@pcaversaccio):

TL;DR: A dev machine of Safe was compromised. This allowed access to AWS and their S3 bucket. A malicious JavaScript was pushed to the bucket and eventually distributed. The malicious JS code targeted specifically the Bybit contract address. The JS code changes the content of the

Patrick Collins (@patrickalphac):

This statement is contradictory and slightly misleading. The frontend of the Safe UI WAS actually compromised, as they confirmed a developer at Safe{Wallet} had their computer hacked. I guess technically, their frontend "had no vulnerabilities," but was compromised.

xyzeva (@xyz3va):

how to gain code execution on millions of people and hundreds of popular apps and of course, firebase was (partially) the cause kibty.town/blog/todesktop/

Rami McCarthy (@ramimacisabird):

😺 Cat's out of the bag We've updated our blog post on the `tj-actions` / `reviewdog` incident to disclose the target. We also have new details on the root cause of the `reviewdog` element. h/t Shay Berkovich for a ton of leg work here

h0wl (@h0wlu):

Yeah, I reported address bar spoofing to them 2 months ago. It was also $100, but I declined the generous offer because they wanted to sign a contract that sounded like an NDA. Still not fixed btw.

Dedaub (@dedaub):

Last September our team disclosed a *live*, critical vulnerability on Bedrock. The report was responsibly shared to both Bedrock | BR is LIVE and Security Alliance Unfortunately, the report was leaked and the vulnerability was exploited for $2m by a former employee of a Seal member org ↓