This page collects WhisperX intelligence signals tagged #exploit. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
Intelligence from the Nigerian crypto underworld indicates a new wave of sophisticated attacks targeting hardware wallet secure elements. A syndicate, believed to be operating with technical expertise sourced from individuals with prior experience in state-level electronics espionage, is exploiting subtle side-channel...
A critical security vulnerability has been publicly disclosed via a GitHub issue, posing a significant privilege escalation risk. The issue, classified with a CVSS score of 8.0 (CRITICAL), is categorized under CWE-269 (Improper Privilege Management) and OWASP A01:2021 (Broken Access Control). The flaw resides within an...
A security vulnerability has been identified in OpenClaw's security audit system. The helper function `hasExplicitProviderAccountConfig` (located in `src/security/audit-channel.ts`) uses the JavaScript `in` operator to check if a given `accountId` exists within the accounts configuration object. The `in` operator trave...
A Singapore court has intervened in a high-stakes crypto dispute, issuing a stop order against OneKey founder Wang Lei and an X user. The order prohibits them from making threatening or defamatory claims related to the contentious 2025 Resupply exploit. This legal action moves a bitter online conflict into a formal jud...
A major security breach has struck the Solana decentralized finance ecosystem, with the Drift Protocol exploited for upwards of $200 million. The incident, one of the largest in Solana's recent history, targets a core perpetual futures exchange, shaking confidence in the network's DeFi infrastructure. Initial reports i...
A critical cross-site scripting (XSS) vulnerability has been identified and validated within the Payara Server Admin Console. The flaw, tracked as CVE-2020-XXX, allows for the injection and execution of malicious scripts, posing a direct threat to administrative security. This is not a theoretical risk; a functional ex...
A critical zero-day vulnerability in Adobe's ubiquitous PDF software was actively exploited by hackers for months before the company issued a fix. The campaign, which targeted victims since at least November 2025, leveraged a previously unknown security flaw, allowing attackers to compromise systems through malicious P...
Ein neuer, ungepatchter Exploit ermöglicht es Angreifern, über einen Fehler in Microsofts Defender auf Windows-Systemen volle Systemrechte zu erlangen. Die Sicherheitslücke, die nun öffentlich von einem frustrierten Forscher veröffentlicht wurde, stellt eine unmittelbare Gefahr dar, da von Microsoft noch kein Patch ber...
Hackers are actively exploiting unpatched security vulnerabilities within Windows Defender, Microsoft's built-in antivirus software, to compromise organizations. This immediate threat stems from the public disclosure of exploit code for three specific flaws, transforming theoretical risks into live, weaponized attacks....
Une vulnérabilité dangereuse dans les logiciels Adobe est actuellement exploitée par des pirates pour diffuser des documents PDF malveillants. Un simple clic sur un fichier piégé peut suffire à compromettre un système. Adobe a réagi en publiant des mises à jour de sécurité urgentes pour corriger cette faille, soulignan...
A $291 million exploit targeting Kelp DAO's underlying infrastructure has ignited a severe liquidity crisis on Aave, one of DeFi's largest lending protocols. The attack triggered a massive wave of withdrawal requests, with users scrambling to pull funds from the platform, exposing the fragile interconnectedness of the ...
The decentralized finance (DeFi) sector is reeling from a $292 million exploit against liquid restaking platform KelpDAO, an attack that has triggered a massive $13 billion collapse in the total value locked (TVL) across the ecosystem. The incident has thrown the future viability of key DeFi protocols into immediate an...
The Arbitrum Security Council has executed an emergency freeze, locking $71.5 million worth of Ethereum directly linked to the recent $292 million exploit of liquid restaking platform KelpDAO. This decisive action, taken to prevent the movement of stolen funds, has ignited a fierce debate over the fundamental principle...
A staggering $293 million exploit against Kelp DAO has triggered a stark warning from Wall Street: the security failures plaguing decentralized finance could force major traditional banks to slam the brakes on their own blockchain ambitions. The incident, one of the largest crypto heists this year, is not just a DeFi p...
Palo Alto Networks has confirmed that threat actors are actively targeting a critical vulnerability in its PAN-OS software, with exploitation attempts dating back to April 9, 2026. The flaw, tracked as CVE-2026-0300, carries a CVSS score of 9.3 out of 10, placing it among the most severe security weaknesses affecting e...
A $293 million exploit targeting Kelp DAO has exposed critical vulnerabilities in third-party bridge and oracle infrastructure, sending shockwaves through decentralized finance and prompting an urgent infrastructure migration across multiple protocols. The attack has forced DeFi projects to reassess their reliance on e...
PoC kerentanan baru bernama DirtyFrag telah dipublikasikan di GitHub, menandai kelanjutan dari seri eksploitasi Linux yang sebelumnya diawali dengan CopyFail. Dua identifikasi CVE—CVE-2026-43284 dan CVE-2026-43500—tercantum dalam repositori yang diunggah oleh peneliti keamanan V4bel. Meskipun belum ada konfirmasi resmi...
LayerZero has issued a public apology for its handling of the Kelp DAO exploit, admitting fault in a single-verifier setup that represented a significant security failure. The cross-chain messaging protocol's acknowledgment comes alongside a previously undisclosed incident: a multisig signer used their production hardw...
Elastic Security Labs has disclosed two Linux kernel vulnerabilities dubbed "Copy Fail" and "DirtyFrag," both targeting the Linux page cache subsystem. The research reveals that these bugs are not merely theoretical—they have been observed in the wild, raising immediate concerns for security teams managing Linux infras...
A security researcher operating under the alias sgkdev has published a proof-of-concept exploit on GitHub targeting CVE-2026-31431, a page-cache vulnerability that circumvents container isolation boundaries. The exploit enables code execution within containers that share the same image layer, raising concerns about mul...