extension

According to monitoring by Catcher Predict, in the market prediction on Polymarket regarding the event "The United States announces a new agreement or ceasefire extension with Iran," the "Yes" option in the sub-market "June 30" experienced significant fluctuations in winning probability, soaring from 46.5% an hour ago to the current 62% (a fluctuation of 15.5%). Please note the impact of related breaking news.

According to CNN, officials stated that after meeting with advisors on Friday, Trump made modifications to the proposed agreement with Iran, which will extend the negotiation process by another week. The specific modifications requested by Trump are unclear, but officials indicated that the president insists on including tougher language regarding Iran's nuclear commitments and guarantees for the reopening of the Strait of Hormuz. There are also concerns about the economic relief measures that the agreement might provide to Iran.Additionally, Trump previously stated that the U.S. would take over and destroy Iran's stockpile of highly enriched uranium, and he mentioned that the agreement does not involve any exchange of funds. However, the Iranian side stated that the current negotiations do not involve details of the nuclear program and insists that any agreement must include arrangements related to funding. It remains unclear how these differences will be resolved as both sides continue to bargain over the wording of the agreement.

According to on-chain data monitored by Catcher Predict, significant capital movements are predicted in the market Polymarket. A large whale invested $72,551 in the event "Will the U.S. announce a new Iran agreement/ceasefire extension before..?" for the date "May 28." Based on the current transaction price, the latest corresponding probability for this target is 95.07%.

According to monitoring by Catcher Predict, in the event "The United States announces a new Iran agreement/ceasefire extension until __?" on the prediction market Polymarket, the "Yes" option in the sub-market "May 30" experienced significant fluctuations in winning probability, soaring from 9% an hour ago to the current 37% (a fluctuation of 28%). Please note the impact of related breaking news.

According to monitoring by Catcher Predict, in the event "The U.S. announces a new Iran agreement/ceasefire extension to...?" on the prediction market Polymarket, the "Yes" option's probability in the sub-market "May 30" experienced significant fluctuations, soaring from 29.5% an hour ago to the current 44.5% (a fluctuation of 15%). Please note the impact of related breaking news.

According to monitoring by Catcher Predict, in the event "Will the U.S. announce a new Iran agreement/ceasefire extension on __?" on the prediction market Polymarket, the probability of the "Yes" option in the submarket "May 28" has experienced drastic fluctuations, dropping from 50% an hour ago to the current 30.5% (a fluctuation of 19.5%). Please note the impact of related breaking news.

According to monitoring by Catcher Predict, in the event "Will the U.S. announce a new Iran agreement/ceasefire extension on __?" on the prediction market Polymarket, the "Yes" option in the sub-market "May 25" experienced a sharp fluctuation in winning probability, plummeting from 65% an hour ago to the current 49.5% (a fluctuation of 15.5%). Please note the impact of related breaking news.

According to Catcher Predict monitoring, in the event "The U.S. announces a new Iran agreement/ceasefire extended to __?" on the prediction market Polymarket, the "Yes" option in the sub-market "May 24" experienced a sharp fluctuation in winning probability, soaring from 42.5% an hour ago to the current 58.5% (a fluctuation of 16%). Please note the impact of relevant breaking news.

GitHub has updated the details of the investigation into the unauthorized access incident of its internal repositories: GitHub detected and contained an incident yesterday involving an employee's device being compromised, which involved a maliciously implanted VS Code extension. GitHub removed the malicious extension, isolated the affected terminals, and immediately initiated an incident response. Current assessments show that only GitHub's internal repositories experienced data exfiltration, and the approximately 3,800 repositories claimed by the attackers are roughly consistent with the investigation results. GitHub has prioritized rotating critical credentials, is analyzing logs, verifying credential rotations, and monitoring subsequent activities, with a complete report to be released after the investigation is concluded.Additionally, Slow Mist's Chief Information Security Officer 23pds commented on this incident, stating: "By analyzing leaks from cybercrime forums, hackers may have used Anthropic's Mythos security AI to precisely breach GitHub's defenses and steal information from about 4,000 core internal repositories: including the source code for Copilot, the algorithms for CodeQL, the Actions runtime, and the entire billing system. Further analysis of this code could lead to subsequent attacks, having a profound security impact on the integration of the open-source community."

SlowMist has issued a security warning stating that a high-risk phishing activity targeting TRON wallet users has been discovered. Attackers created a fake Chrome extension for the TronLink wallet, using Unicode bidirectional control characters and Cyrillic homographs to disguise the brand name. After installation, the extension loads a complete phishing page through a remote iframe, forming a "shell-core separation" credential theft chain.The malicious extension name uses homographs for disguise, and its Chrome Store page inherits the high user count and positive reviews of the real extension, lowering the review threshold. There is very little local code, only loading remote pages, making static analysis nearly impossible to detect malicious behavior. The remote phishing page perfectly replicates the official TronLink web wallet interface, stealing mnemonic phrases, private keys, Keystore files, and passwords, and relaying them in real-time via a Telegram Bot.Built-in anti-analysis features disable right-click, developer tools, drag-and-drop, and printing, and redirect based on the geographic and language settings of Russian users to evade detection. SlowMist recommends immediately uninstalling suspicious extensions, clearing local storage, checking for abnormal traffic, and if credentials have been entered, creating a new wallet and transferring assets immediately.

According to the security agency Blockaid (@blockaid_), the Ekubo Protocol is currently experiencing ongoing attacks on a v2 custom extension contract on Ethereum, resulting in a loss of approximately $1.4 million.The root cause of the attack lies in the fact that the IPayer.pay callback of this extension does not effectively restrict the source of the parameters, allowing attackers to control the payer, token, and amount parameters, thereby arbitrarily transferring authorized tokens. Users of the core Ekubo protocol are not affected, but users who have authorized this v2 contract as a token spender face direct risks. Blockaid recommends that relevant users immediately revoke their authorization.

According to CNBC, the crypto data and research platform Blockworks announced the completion of its Series A extension financing, with a post-money valuation of $192 million. This round was co-led by Parafi Capital and Reciprocal Ventures, with participation from several institutions including Coinbase Ventures, Advancit Capital, and MoonPay. Over 20 founders and operators from projects such as Solana, LayerZero, Pyth, EigenLayer, Kraken, Arbitrum, and Polygon also participated personally, though the specific financing amount has not been disclosed.The company stated that the crypto market has grown to a trillion-dollar scale without the infrastructure of traditional capital markets, but still faces issues such as data fragmentation, inconsistent disclosures, and a lack of communication mechanisms for investors. Blockworks aims to fill this gap through a "data + disclosure + investor relations" integrated framework.

According to PR Newswire, fintech company Superstate announced the completion of a Series B funding round, with asset management giant Invesco Private Capital, a subsidiary of Invesco, as a new investor, although the amount has not been disclosed.At the same time, Invesco will serve as the investment manager for Superstate's flagship tokenized fund USTB (Short-Term U.S. Treasury Fund) starting in Q2 2026. The fund has a size of approximately $900 million, making it one of the largest tokenized government bond products globally. After the handover, the fund will be renamed, while Superstate will retain the function of digital transfer agency. This move marks Invesco's full entry into the blockchain fund sector.

According to GoPlus citing a Koi report, the Claude Chrome extension under Anthropic has a high-risk prompt injection vulnerability, affecting all versions of the extension below 1.41.Attackers can construct malicious web pages that silently load an iframe containing a cross-site scripting (XSS) vulnerability in the background, executing malicious payloads within the a-cdn.claude.ai subdomain. Since this subdomain is on the extension's trust whitelist, attackers can directly send malicious prompts to the Claude extension and execute them automatically, without requiring user authorization or any clicks, leaving the victim unaware.This vulnerability can allow attackers to manipulate the Claude extension to read users' Google Drive documents, steal business access tokens, or export chat logs, and can take over the current browser session to perform sensitive operations like sending emails as the victim. GoPlus recommends that users immediately update the Claude extension to version 1.41 or above and remain vigilant against phishing links.

The Chief Information Security Officer of Slow Fog Technology, 23pds, issued a reminder to be wary of fake imToken Chrome extensions. A fake imToken Chrome extension in the Chrome Web Store is phishing for seed phrases and private keys.

The cybersecurity agency Moonlock Lab reports that crypto hackers have recently upgraded their "ClickFix" attack method, beginning to impersonate venture capital firms to contact target users through social platforms and lure them into executing malicious code to steal crypto assets.Attackers disguise themselves as fake venture capital firms such as SolidBit, MegaBit, and Lumax Capital, sending collaboration invitations via LinkedIn and guiding victims to fake Zoom or Google Meet meeting links. The pages embed a fake Cloudflare "I am not a robot" verification button, which, when clicked, copies malicious commands to the clipboard and tricks users into pasting and executing them in the terminal, thus completing the attack. Researchers point out that this method circumvents traditional security mechanisms by "making victims execute commands themselves."Meanwhile, hackers are also hijacking browser extensions to carry out attacks. John Tuckner, founder of cybersecurity company Annex Security, revealed that the Chrome extension QuickLens, after changing ownership on February 1, released a new version containing malicious scripts two weeks later, triggering ClickFix attacks and stealing user data. The extension had about 7,000 users and has since been removed from the store. Reports indicate that the hijacked extension scans crypto wallet data and mnemonic phrases, and scrapes Gmail content, YouTube channel data, and web login or payment information.

GoPlus has released a security alert that a vulnerability in the Chrome browser allows malicious extensions to escalate privileges through the Gemini panel. Please upgrade your Chrome browser to version 143.7499.192 or above immediately.This vulnerability allows malicious extensions to control the Gemini Live panel in the Chrome browser, thereby escalating privileges to access the camera and microphone, take screenshots, access local files, and more without user consent. The vulnerability is identified as CVE-2026-0628, and Google has fixed it in the Windows/Mac versions 143.7499.192/.193 and the Linux version 143.7499.192 at the beginning of January 2026. Please check and upgrade your Chrome version immediately.

Binance Wallet announces that its extension now supports the TON network. Users can explore the TON dApp ecosystem and manage their assets, while developers can integrate via TON Connect to reach users.