code

Slow Fog's Yuxian stated on platform X that incidents of search engine poisoning involving fake Codex, Claude Code, and others have recently surged. It mentioned that it has previously warned multiple times about Google search results and its own services like Google Sites being exploited by black and gray market poisoning, but Google has not taken action against such obvious poisoning methods.

Bloomberg ETF analyst James Seyffart posted on platform X that Grayscale has submitted its third version of the BNB ETF S-1 amendment to the U.S. Securities and Exchange Commission (SEC), with the code GBNB, and the fees have not yet been announced.

According to the official announcement, Bitget will support the splitting of preSPAX tokens and adopt preSPCX as the new token code. The splitting ratio is 1:5, meaning that each preSPAX token can be split into 5 preSPCX tokens.According to the schedule, Bitget will temporarily remove the preSPAX/USDT spot trading pair on May 28 at 14:00 (UTC+8), and simultaneously suspend related unified account spot trading, spot strategy bots, and instant exchange functions. After the token split is completed, the preSPCX/USDT trading pair and instant exchange function will be opened on the same day at 17:00 (UTC+8). For more details, please refer to the Bitget official platform.

Security company Socket Security disclosed that a cryptocurrency theft operation named TrapDoor is launching active supply chain attacks in package repositories such as npm, PyPI, and Crates.io. A total of 34 malicious packages and 384 versions and components have been identified, with attackers continuously pushing new versions across various ecosystems.TrapDoor primarily targets developers in the cryptocurrency, DeFi, AI, and security fields, stealing wallets, SSH keys, cloud credentials, GitHub tokens, browser data, environment variables, and API keys. Socket detected that the median detection time for malicious versions was 5 minutes and 27 seconds, with the fastest detection occurring 58 seconds after release.

Bloomberg analyst James Seyffart posted on the X platform, revealing that Morgan Stanley has submitted a revised application for its Solana ETF, with the proposed trading code $MSOL. The management fee information has not yet been disclosed.

According to GoPlus monitoring, the hacker group TeamPCP claims to have obtained the source code from about 4,000 private repositories within GitHub and is selling it for $50,000 on underground forums, offering sample verification. If no one buys it, this batch of data may be publicly released for free later.Previously, GitHub officials confirmed that they are investigating the issue of "unauthorized access to internal repositories," suspecting that malicious VS Code/AI Coding plugins were installed on GitHub employee devices.

GitHub has updated the details of the investigation into the unauthorized access incident of its internal repositories: GitHub detected and contained an incident yesterday involving an employee's device being compromised, which involved a maliciously implanted VS Code extension. GitHub removed the malicious extension, isolated the affected terminals, and immediately initiated an incident response. Current assessments show that only GitHub's internal repositories experienced data exfiltration, and the approximately 3,800 repositories claimed by the attackers are roughly consistent with the investigation results. GitHub has prioritized rotating critical credentials, is analyzing logs, verifying credential rotations, and monitoring subsequent activities, with a complete report to be released after the investigation is concluded.Additionally, Slow Mist's Chief Information Security Officer 23pds commented on this incident, stating: "By analyzing leaks from cybercrime forums, hackers may have used Anthropic's Mythos security AI to precisely breach GitHub's defenses and steal information from about 4,000 core internal repositories: including the source code for Copilot, the algorithms for CodeQL, the Actions runtime, and the entire billing system. Further analysis of this code could lead to subsequent attacks, having a profound security impact on the integration of the open-source community."

GitHub has officially stated that it is investigating an unauthorized access incident involving its internal code repository. GitHub claims that there is currently no evidence to suggest that customer data stored in enterprise, organization, or code repositories outside the GitHub platform has been affected, but the company is continuously monitoring its infrastructure to prevent further abnormal activities.GitHub stated that if it is later confirmed that user data or services are affected, it will notify customers through existing incident response and notification channels.

Vitalik Buterin published an article discussing the application prospects of Formal Verification in the field of blockchain security.The article points out that a new paradigm is emerging in Ethereum's cutting-edge research and development, where code is directly written using EVM bytecode, assembly, or Lean, and its correctness is verified using automatically checkable mathematical proofs in Lean. Researcher Yoichi Hirai refers to this paradigm as "the ultimate form of software development."Vitalik believes that AI-assisted formal verification is expected to enhance both code efficiency and security, particularly suitable for security core modules such as STARK, ZK-EVM, quantum-resistant signatures, and consensus algorithms.The article also emphasizes that formal verification is not a panacea and may still fail due to issues such as incomplete proof coverage, specification errors, and hardware side channels; in the future, software may differentiate into "security cores" and "non-security edges," with Ethereum becoming one of the important security cores.

The open-source data visualization tool Grafana stated on platform X that it recently discovered an unauthorized attacker had obtained a token that could access the Grafana Labs GitHub environment and used it to download the code repository.An investigation confirmed that this incident did not involve customer data or personal information leakage, and no impact on customer systems or business operations was found. After the incident, forensic analysis was immediately initiated, and it is believed that the source of the credential leak has been identified. Additional security measures have also been deployed to strengthen environmental protection.Furthermore, Grafana disclosed that the attacker attempted to demand a ransom to prevent the code repository from being made public, but the company ultimately decided to refuse to pay the ransom and will release more information about the incident review after the investigation is completed.

According to official news, the smart contract auditing platform Code4rena has announced that it will gradually cease operations, and the Web3 security company Immunefi will take over its clients and security researchers. Code4rena posted on social media that it has made the decision to shut down and stated that all ongoing competitions and bounty activities will be completed as usual, and existing collaborations will be "properly concluded." Immunefi stated that it will assist in migrating Code4rena's bounty projects, reward structures, and researchers to its platform.Code4rena is known for its "competitive auditing" model, where independent researchers compete to find vulnerabilities in smart contracts for rewards. This shutdown comes less than two years after blockchain security company Zellic acquired Code4rena in 2024. Previously, Code4rena raised $6 million from Paradigm in 2023 for auditing incentives and platform expansion.This shutdown comes at a difficult time for DeFi protocols and the security sector. Data from DefiLlama shows that there were over 20 crypto vulnerability incidents in April alone, setting a monthly record. JPMorgan analysts believe that ongoing DeFi security incidents are limiting major institutional investors from entering the market. Meanwhile, the total value locked in DeFi has decreased from about $160 billion in October to approximately $83 billion currently.

The OpenAI official status page shows that OpenAI is investigating multiple service outages, with the Codex 5.5 engine experiencing a high error rate, particularly affecting free users. All Codex users have also seen an increase in latency for gpt 5.5.In addition, the Realtime API's SIP/WebRTC process has experienced interruptions, which has been officially marked as "under investigation," and the related issues have persisted for several hours. The official website notes that the impact of the outage varies depending on subscription level and the models and features used.

According to Decrypt, Microsoft's threat intelligence department disclosed that attackers implanted malicious code into the Mistral AI package distributed through the PyPI platform. This malicious code automatically runs when developers use it on Linux systems, downloading a malicious file named transformers.pyz and executing it in the background, with the filename deliberately mimicking the widely used Hugging Face Transformers library to confuse users.Microsoft pointed out that this malware primarily steals developer login credentials and access tokens, and it avoids Russian systems. Some of the code can randomly delete device files located in Israel or Iran. This attack is related to the "Shai-Hulud" supply chain attack campaign that started in September. Mistral responded that investigations show the attack originated from compromised developer devices, and the company's infrastructure was not breached.

According to Protos, Bitcoin Core developers recently disclosed a high-risk vulnerability numbered CVE-2024-52911, which affects versions 0.14.1 to 28.4, allowing miners to remotely crash other users' nodes and execute code by mining specially crafted blocks.The vulnerability was discovered and responsibly disclosed by developer Cory Fields in November 2024. The fix was merged in December of that year and released with version v29 in April 2025. The last vulnerable 28.x version series was discontinued on April 19, 2026.However, since upgrading Bitcoin full nodes is voluntary, it is estimated that about 43% of nodes are still running the vulnerable old version software, facing potential risks. Fortunately, the cost of implementing such an attack is extremely high—miners would need to allocate significant computational power to mine invalid blocks that do not yield block rewards—so it is likely that it has never been exploited in practice.

According to Techiexpert, Telegram has launched a no-code AI bot building tool. Users only need to interact with the LobsterFather bot to obtain a key (token), which can then be connected to platforms like Telewer, GPTBots, or Lazy AI. By selecting options, users can set the bot's conversation style and functions, supporting different AI models such as GPT and Llama.Users can also create a Master Bot to manage and assign tasks to sub-bots, suitable for handling multiple chat groups or customer inquiries. This feature is integrated with Telegram Business, allowing the bot to autonomously reply to messages or organize communities. Users can have the bot welcome new members 24/7, filter spam, and answer frequently asked questions. However, it is important to be aware of third-party data security risks.