Tag:

Attack

New Battlefield 6 Trailer Is A Direct Attack Against Call Of Duty
Game Reviews

New Battlefield 6 Trailer Is A Direct Attack Against Call Of Duty

by admin


A new live-action trailer for Electronic Arts’ upcoming Battlefield 6 features a group of celebrities, including Zac Efron, getting swiftly blown up by a missile in what seems to be a dig at Call of Duty‘s many commercials featuring actors, musicians, and other famous people. It’s the latest example of the two military shooter franchises reacting to one another in a way we’ve not seen in years.

On September 28, EA released the “Battlefield 6: Official Launch Live-Action Trailer.” And like many live-action Call of Duty ads from the last decade, the BF6 commercial starts off with a group of celebs cosplaying as soldiers and getting ready to fight. But just 24 seconds into the new trailer, a missile flies into frame and blows up all four stars in a large, fiery explosion. A group of soldiers then walks through the area, with one asking, “Who was that?” and the other bluntly replying that it “doesn’t matter” before telling everyone to move out.

While the new ad doesn’t directly mention Call of Duty, it’s obvious what EA is doing here. For many, many years, Call of Duty games have used celebrities like Will Arnett, Jonah Hill, Michael B. Jordan, Cara Delevingne, and many others in various live-action trailers. As recently as 2021, Call of Duty featured numerous celebs in a Warzone ad that was heavily criticized by fans for going too far and feeling too silly. This new BF6 trailer feels like a direct nod to those celeb-heavy launch ads and a commitment from EA that it won’t follow in CoD’s footsteps, a move that fans in the comments of the trailer seem to greatly appreciate.

Over the years, longtime CoD players have lamented the franchise’s shift away from grounded combat and realism as bizarre crossover skins and over-the-top future tech have become more prevalent in recent entries. This has all come to a head in 2025 as Battlefield 6, which had a massively popular open beta earlier this year, has gone the opposite direction and doubled down on being a gritty, grounded, and realistic military shooter. Activision has responded by making changes to skins, rolling back plans to let all Black Ops 6 skins move forward into Black Ops 7, and even letting devs talk publicly about the series turning down some collaboration cosmetic deals.

It’s very, very unlikely that Battlefield 6 will outsell Call of Duty: Black Ops 7 this year. But it seems like EA’s FPS might take a bigger bite out of the rival shooter series than it has in previous years, and Activision is definitely paying attention. The news that EA is being bought up by Saudi Arabia’s PIF as well as other investors, including Jared Kushner’s investment firm, has certainly added an awkwardness to BF6‘s rollout, though.

Battlefield 6 will launch on October 10 for PS5, Xbox Series X/S, and PC. EA won’t talk about a Switch 2 port. Black Ops 7 launches on consoles and PC in November. It also isn’t going to be available on Switch 2.



Source link

0 comments
0 FacebookTwitterPinterestEmail
Rushing attack, pass rush help Lions defeat Ravens on road
Esports

Rushing attack, pass rush help Lions defeat Ravens on road

by admin


  • Jamison Hensley

    Close

    Jamison Hensley

    ESPN Staff Writer

      Jamison Hensley is a reporter covering the Baltimore Ravens for ESPN. Jamison joined ESPN in 2011, covering the AFC North before focusing exclusively on the Ravens beginning in 2013. Jamison won the National Sports Media Association Maryland Sportswriter of the Year award in 2018, and he authored a book titled: Flying High: Stories of the Baltimore Ravens. He was the Ravens beat writer for the Baltimore Sun from 2000-2011.

  • Eric Woodyard

    Close

    Eric Woodyard

    ESPN

      Eric Woodyard covers the Detroit Lions for ESPN. He joined ESPN in September 2019 as an NBA reporter dedicated to the Midwest region before switching to his current role in April 2021. The Flint, Mich. native is a graduate of Western Michigan University and has authored/co-authored three books: “Wasted,” “Ethan’s Talent Search” and “All In: The Kelvin Torbert Story”. He is a proud parent of one son, Ethan.

Sep 22, 2025, 11:31 PM ET

BALTIMORE — The Detroit Lions used a revitalized pass rush and a punishing rushing attack to defeat the Baltimore Ravens 38-30 at M&T Bank Stadium on Monday night.

David Montgomery ran for 151 yards and two touchdowns for the Lions (2-1), who rushed for 224 yards. Detroit also had two touchdown drives of 96 or more yards and sacked Ravens quarterback Lamar Jackson seven times.

Jackson threw for 288 yards and three touchdowns for the Ravens (1-2), who suffered another costly fumble by veteran running back Derrick Henry.

Here are the most important things to know from Monday night for both teams:

David Montgomery ran for 151 yards and two touchdowns to help the Lions to a big road win. Nick Wass/AP

Detroit had never won against the Ravens in Baltimore — until now.

In their four previous trips, most recently in 2023, the Lions had never tasted victory — or come within nine points of it. But that changed Monday, as the Lions offense got off to a quick start, spearheaded by veteran QB Jared Goff, and their playmakers put on a show.

Running backs Jahmyr Gibbs and Montgomery, along with All-Pro WR Amon-Ra St. Brown, all scored touchdowns. That marked the 10th career game in which they each recorded at least one scrimmage TD, the most such games by any trio of teammates in NFL history, per ESPN Research.

After dropping their Week 1 game at Green Bay, Detroit has now won its last two games in impressive fashion.

Most surprising performance: DE Al-Quadin Muhammad. Hours before kickoff, the Lions placed starting defensive end Marcus Davenport on injured reserve with a chest injury. Muhammad stepped up in a major way against the Ravens with 2.5 sacks, boosting a Detroit pass rush that registered a league-low 19.2% pass rush win rate in the first two weeks. The 30-year-old Muhammad is on his fifth NFL team and in his second season with the Lions after working his way up from the practice squad in 2024.

Trend to watch: The Lions have allowed an opening-drive touchdown in all three games this season under new defensive coordinator Kelvin Sheppard, with Henry scoring on a 28-yard rushing touchdown with 5:47 left in the first quarter. Per ESPN Research, this is the first time Detroit has allowed an opening-drive TD in three consecutive games under coach Dan Campbell, dating to 2021. It also marked the first time in the past 25 years that the Lions allowed an opening-drive touchdown in the first three games of a season. The defense regrouped after the opening-drive score, sacking Jackson a career high seven times.

Stat to know: When Montgomery capped off a 98-yard scoring drive with a goal-line touchdown at 5:57 in the second quarter, he and teammate Gibbs had their first historical moment. Gibbs and Montgomery, aka “Sonic & Knuckles,” each recorded a touchdown in the same game for the 11th time, breaking a tie with the Packers’ Paul Hornung and Jim Taylor and the 49ers’ Hugh McElhenny and Joe Perry for the most such games by any running back tandem. — Eric Woodyard

Next game: vs. Cleveland Browns (Sunday, 1 p.m. ET)

Derrick Henry scored an early touchdown, but a late fumble set the Ravens back. AP Photo/Stephanie Scarbrough

Henry’s uncharacteristic poor ball security cost the Ravens again. Henry fumbled midway through the fourth quarter, which proved to be biggest mistake in the Ravens’ loss to the Lions. He showed his frustration by slamming his helmet into the bench. Henry has lost the ball in the fourth quarter in both of Baltimore’s losses this season. This has been unlike Henry, who had lost two rushing fumbles in the fourth quarter or overtime in his previous nine seasons.

Defensively, the Ravens allowed touchdown drives of 98 and 96 yards to the Lions, but this isn’t the first time Baltimore has given up these types of marathon drives. The last team to allow multiple 95-yard touchdown drives on Monday Night Football was the Ravens, who did so against the Texans in 2010, according to ESPN Research.

Baltimore has a losing record after three games for just the third time in coach John Harbaugh’s 18 seasons as head coach. The Ravens, whose 111 points are the most in the first three games for a team with a losing record in NFL history, now head to play at Kansas City (1-2), where they have never beaten Patrick Mahomes. Since 2008, Baltimore is 0-3 at Arrowhead Stadium, allowing an average of 29 points per game.

Trend to watch: Lamar Jackson’s touchdown passes of 3 yards to wide receiver Rashod Bateman and 14 to tight end Mark Andrews helped the quarterback set a team record. This marked Jackson’s ninth straight game with two or more touchdown passes, which surpasses Vinny Testaverde’s streak of eight in 1996. It’s also the longest active streak of multiple touchdown-pass games in the league.

Most surprising performance: Andrews looked like Jackson’s favorite target again after the slowest start to a season in his eight-year career. Andrews caught six passes for 91 yards and two touchdowns. It had been a struggle this season for Andrews, who totaled two receptions for seven yards in the first two games. That slow start followed the playoff loss in Buffalo, where he dropped a late 2-point conversion pass that would have tied the game.

Stat to know: Jackson had little room to scramble and got sacked seven times, the most of his career. Baltimore has lost three of the four games in which Jackson has been sacked at least five times. — Jamison Hensley

Next game: at Kansas City Chiefs (Sunday, 4:25 p.m. ET)



Source link

0 comments
0 FacebookTwitterPinterestEmail
(Midjourney/CoinDesk)
GameFi Guides

Trump’s Attack on Fed May Deepen Policy Lag, Send Dollar (USD) Lower

by admin



One of the most controversial features of President Donald Trump’s second term is his relentless criticism of Federal Reserve (Fed) Chair Jerome Powell for maintaining elevated interest rates – a stance Trump argues is unnecessarily costly to the American economy.

But this is more than just rhetoric. Trump is aggressively attempting to undermine the Fed’s board, threatening an institution long known for its political independence. Ironically, this very assault risks backfiring, deepening what Trump and others describe as a Fed that is “behind the curve,” potentially leading to a deeper sell-off in the U.S. dollar.

“Political pressures make it tough to credibly shift to an overtly dovish footing. That leaves policy data driven (thus late) rather than pre-emptive. That’s bad for the USD,” the market insights team at Lloyds Bank led by Nicholas Kennedy, said in a note to clients on Sept. 18.

Trump’s Attack on the Fed

Last Thursday marked a new chapter in Trump’s campaign against the central bank, as his administration took the unprecedented step of petitioning the U.S. Supreme Court to allow the firing of Federal Reserve Governor Lisa Cook. This would be the first forced removal of a sitting Fed governor since the institution’s founding in 1913.

The move followed a temporary judicial block issued by U.S. District Judge Jia Cobb, who prevented the ousting of Cook, a Biden appointee, pending further legal proceedings.

According to the Lloyds Bank market insights team, such attacks are likely to increase as Powell enters the final months of his term as Chairman. Trump’s recent appointee at the Fed, Stephen Miran, is already calling for rapid-fire rate cuts and wants the bank to reduce the benchmark borrowing cost by 50 basis points in the recently concluded meeting.

Behind the Curve

At its core, Trump’s campaign reflects a desire for a Fed more responsive to his economic worldview, which demands ultra-low rates around 1%, down significantly from the present 4%.

Trump has argued that current rates keep mortgage costs prohibitively high for many Americans, hindering homeownership and imposing billions in unnecessary debt refinancing expenses. He frames this as a staggering missed opportunity on an otherwise “phenomenal” economy. Meanwhile, many economists agree that rates remain too high given signs of weakening labor markets and consumer health.

Thus, the Federal Reserve is widely perceived as “behind the curve” – a technical term meaning it is too slow to cut rates in response to evolving economic conditions.

Yet, Trump’s insistence on forcing faster rate cuts risks pushing the Fed further behind this curve.

Damned if they do, damned if they don’t

Imagine holding the reins of the world’s most powerful central bank, responsible not only for the world’s largest economy, but the fate of the global reserve currency, the USD. Now imagine the political pressure to cut rates quickly, against the fear of appearing politically compromised. This leaves policymakers damned if they act and damned if they don’t.

So, unlike typical policymakers who adjust with measured calm in response to data, Powell and his colleagues now operate under intense political pressure and public scrutiny from the White House. They face a classic catch-22: face accusations of succumbing to political pressure in case of rapid rate cuts (even if they do so independently); wait too long and risk the potential deepening of an economic slowdown.

This dynamic could breed reflexive stubbornness. To avoid accusations of capitulating to political pressure, the Fed may instinctively lean towards caution – waiting longer and keeping rates elevated. However, this posture can exacerbate the problem: delayed rate cuts keep monetary policy out of sync with economic conditions, much like a patient who resists mild medication only to require drastic doses once a fever spikes.

The subsequent high doses of rate cuts could be interpreted by markets as a sign of panic, leading to increased volatility in financial markets, including cryptocurrencies.

Dollar at risk

The catch-22 situation could also weigh on the U.S. dollar, a bullish development for dollar-denominated assets like gold and bitcoin.

The dollar index, which measures the greenback’s value against major currencies, has dropped nearly 10% this year to 97.64. Meanwhile, bitcoin’s price has rallied by 24% to $115,600.



Source link

0 comments
0 FacebookTwitterPinterestEmail
Chris Tilly
Esports

Coyotes review: Justin Long stars in a very silly movie about when animals attack

by admin



Coyotes stars Justin Long and Kate Bosworth as a couple doing battle with a pack of rabid dogs, in a comedy-horror that leans into laughs rather than scares.

Coyotes concerns a very real problem facing the people of Los Angeles, and over the opening credits, that phenomenon is explained via news reports.

Thanks to a spate of wildfires, coyotes have been pushed deeper and deeper into LA neighborhoods, and these opportunistic predators are now doing whatever it takes to survive.

Article continues after ad

That’s the jumping off point for director Colin Minihan’s new horror movie, which addresses a serious subject, in the silliest way imaginable.

What is Coyotes about?

Aura Entertainment

Following a prologue that sees a Paris Hilton type mauled by one of the title characters, the story proper introduces a family living in the Hollywood Hills – Scott and Liv (played by real-life couple Justin Long and Kate Bosworth) and their teenage daughter Chloe (Mila Harris).

Article continues after ad

They seem happy, though have an apparent problem with rats in their beautiful home, which is revealed to them by an eccentric exterminator called Devon (Keir O’Donnell, channelling John Goodman in the similarly themed Arachnaphobia).

Article continues after ad

While they’re waiting for Devon to wipe the rodents out as a way of sending a message to all other vermin in the area, a storm arrives on their doorstep, knocking down trees, and killing their power. 

Which is when the coyotes appear, seeming vaguely threatening at first, before becoming more direct by growling, bearing their teeth, and then going on the attack. 

“I think it wanted to eat you” a confused Liv tells Scott during a particularly concerning coyote interaction, and as more of the rabid beasts congregate on their lawn, then try to get into their house, it becomes apparent that the family is facing a fight for their lives.

Article continues after ad

Wild animals vs wild characters

That story is told with its tongue firmly in cheek, as potential victims are painted in the broadest of brush-strokes, and oftentimes asking for the doggie assault that’s coming their way.

Article continues after ad

From the coked up neighbor and drunk Irishman in a shell-suit to the sex worker obsessed with conspiracy theories, Coyotes is filled with colorful characters that aren’t to be taken seriously.

Meaning each ultra-violent death is played for laughs, from a tragic barbecue demise to a shocking ribcage cameo, they’re memorable deaths, but the type that will inspire more laughs than scares.

Article continues after ad

That said, there are moments of levity in the movie, thanks to Liv’s issues with Scott’s workaholic tendencies. Indeed, his comic book career and obsession inspires some interesting visuals, character introductions, and jokes, but also threatens to tear his family apart.

Though every time Coyotes flirts with getting serious on that front, the script by Ted Daggerhart, Daniel Meersand, and Nick Simon undercuts the tension, most notably in a hilarious scene where Scott pours his heart out to a wife who can’t hear him.

Article continues after ad

Article continues after ad

Is Coyotes good?

Aura Entertainment

Coyotes is a fun film that delivers on the promise of wild dogs doing battle with dumb humans, while Justin Long – as ever – is a likeable lead, who has you rooting for his character, in spite of some truly terrible decisions.

But there’s a fatal flaw in many of those scenes, as the coyotes rarely look real. Indeed, there are times when the movie feels like live-action merged with bad animation, and all that computer-generated imagery frequently takes you out of the movie.

Article continues after ad

If audiences can put up with that issue however, the horror and comedy elements complement each other nicely, while Coyotes deserves bonus points for not demonising the coyotes themselves, thanks to a surprising sting in the tale/tail…

Coyotes score: 3/5

If you can ignore the bad CGI, and like a broad comedy about even broader characters, Coyotes is a decent entry in the ‘when animals attack’ genre, that manages to sneak in an important environmental message.

Article continues after ad

Coyotes was reviewed at Fantastic Fest, while the film hits theaters on September 29, 2025. While for more scary stuff, check out our list of the best horror movies ever.

Article continues after ad



Source link

0 comments
0 FacebookTwitterPinterestEmail
Shibarium bridge exploited, $2.4m lost in flash loan attack
NFT Gaming

Shibarium bridge exploited, $2.4m lost in flash loan attack

by admin



Shiba Inu’s Shibarium bridge suffered a $2.4 million flash loan attack on Friday, giving the exploiter control of 10 of 12 validator keys and allowing them to drain ETH and SHIB tokens from the network.

Developers quickly paused certain functions, secured remaining funds in a multisig hardware wallet, and are working with security firms to investigate the breach, which underscores the growing risk facing cross-chain bridges in DeFi.

Summary

  • Shibarium bridge hacked, $2.4m in ETH and SHIB drained via flash loan exploit
  • Hacker used 4.6m BONE loan, gained validator control, drained bridge contract
  • Devs paused network, secured funds in multisig, and work with security firms

The exploit forced Shiba Inu (SHIB) developers to halt certain network activities while they assessed the damage.

The attacker borrowed 4.6 million BONE (BONE) tokens through a flash loan and gained access to 10 of 12 validator signing keys securing the network.

This gave the exploiter a two-thirds majority stake and allowed them to drain approximately 224.57 ETH (ETH) and 92.6 billion SHIB from the bridge contract before transferring the funds to their own address.

Shiba Inu dev: Attack was planned for months

Shiba Inu developer Kaal Dhairya described the incident as a “sophisticated” attack that was “probably planned for months.”

The attacker used their privileged position to sign malicious state changes and extract assets from the bridge infrastructure.

🚨 Shibarium Bridge Security Update 🚨

Earlier today, a sophisticated ( probably planned for months ) attack was carried out using a flash loan to purchase 4.6M BONE. The attacker gained access to validator signing keys, achieved majority validator power, and signed a malicious…

— Kaal (@kaaldhairya) September 13, 2025

The Shibarium team moved quickly to contain the breach, pausing stake and unstake functionality as a precautionary measure.

They transferred stake manager funds from the proxy contract into a hardware wallet controlled by a trusted 6-of-9 multisig setup.

The borrowed BONE tokens used in the attack remain locked in Validator 1 due to unstaking delays. This allows developers to freeze those funds. This delay mechanism may prevent the attacker from fully profiting from their exploit.

Shibarium is under damage control mode

Developer Dhairya noted they are currently in “damage control mode” and haven’t decided whether the breach originated from a compromised server or developer machine. The team is working with security firms Hexens, Seal 911, and PeckShield to investigate the incident.

Authorities have been contacted about the attack, but the team remains open to negotiations. They offered not to press charges if the funds are returned and indicated willingness to pay a small bounty for the assets’ recovery.

Cross-chain bridges have become prime targets for hackers due to their complex security models and large fund pools. The Shibarium incident joins a growing list of bridge exploits that have cost the DeFi ecosystem billions in losses.

The team plans to restore stake manager funds once secure key transfers are completed and validator control integrity is verified.

Full network functionality will resume only after confirming the extent of any validator key compromise and implementing additional security measures.





Source link

0 comments
0 FacebookTwitterPinterestEmail
Shibarium
NFT Gaming

Shibarium Bridge Falls Victim To $2.4 Million Drain Attack

by admin


Trusted Editorial content, reviewed by leading industry experts and seasoned editors. Ad Disclosure

Shibarium, the Ethereum-based Layer 2 scaling solution built around the Shiba Inu ecosystem, has suffered a major security breach, leading to the loss of about $2.4 million in assets. The drain attack has since prompted intense immediate emergency responses.

Hacker Uses Bridge Funds To Seize 4.6M BONE

In an X post on September 13, the development team behind the Shiba Inu (SHIB) token revealed that a hacker leveraged funds from an earlier bridge hack to acquire 4.6 million BONE tokens in a single block, mimicking a flash loan-style transaction. This maneuver temporarily granted the malicious actor significant validator voting power to sign a malicious state on the Shibarium network, where BONE functions as the governance token.

Notably, the flash loan-like transactions were settled using assets transferred directly from the bridge in the form of 224.57 Ethereum (ETH) ($1.05 million) and 92.6 billion SHIB ($1.30 million). However, the BONE tokens remain locked with validators due to staking mechanisms, preventing the attacker from withdrawing them immediately.

Nevertheless, the validator compromise highlighted a critical issue for the Ethereum layer 2 solution. The Shiba Inu team notes that evidence suggests that 10 of 12 validators’ signing keys were breached, leaving only K9 Finance and Unification validators resisting the malicious signing attempt.

In addition, other assets, including LEASH ($645,000), ROAR ($284,000), TREAT ($50,000), BAD ($17,000), and SHIFU ($10,000), were also drained but have not been sold. Meanwhile, the hacker’s attempt to offload approximately $700,000 worth of stolen KNINE tokens was thwarted after the K9 Finance DAO multisig blacklisted their address, effectively freezing 248 billion KNINE permanently.

Shibarium Team Shares Security Response And Next Steps

In the immediate aftermath, the Shiba Inu team has halted staking and unstaking functions to safeguard community assets. Meanwhile, stake manager funds were also moved from proxy contracts into a secure 6-of-9 hardware multisig wallet. In addition, Blockchain security teams such as Hexens, Seal911, and PeckShield have also been onboarded to conduct a forensic investigation into the breach.

In other developments, Shiba Inu developer with X username Kaal Dhairya confirmed that while damage control and investigations are underway, the team is open to negotiating with the hacker, offering leniency and even a potential small bounty should the stolen assets be returned.

Following the hack, the Shibarium ecosystem tokens have varying degrees of a negative price reaction. Notably, the Shiba Inu (SHIB) trades at 0.000014 following a slight 1.67% decline in the last day. Meanwhile, LEASH and BONE are down by 5.69% and 21.98% respectively, within the same period.

SHIB trading at $0.00001396 on the daily chart | Source: SHIBUSDT chart on Tradingview.com

Featured image from Dreamstime, chart from Tradingview

Editorial Process for bitcoinist is centered on delivering thoroughly researched, accurate, and unbiased content. We uphold strict sourcing standards, and each page undergoes diligent review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance, and value of our content for our readers.



Source link

0 comments
0 FacebookTwitterPinterestEmail
Ledger Cto Warns Users Amid Massive Npm Supply Chain Attack
GameFi Guides

Ledger CTO Warns Users Amid Massive NPM Supply Chain Attack

by admin



Ledger’s Chief Technology Officer, Charles Guillemet, issued a strong warning on Monday, urging some users to temporarily stop on-chain transactions. The alert comes after a massive supply chain attack compromised a trusted developer’s NPM account, affecting packages that have been downloaded over 1 billion times.

“There’s a large-scale supply chain attack in progress,” Guillemet said in a post on X. “If you use a hardware wallet, pay attention to every transaction before signing and you’re safe. If you don’t, refrain from making any on-chain transactions for now.”

🚨 There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk.

The malicious payload works…

— Charles Guillemet (@P3b7_) September 8, 2025

How the Attack Works

Supply chain attacks target the software distribution process, not individual users. Here, hackers acquired the NPM account of a developer ‘qix’.

They allegedly inserted malicious code, which replaces cryptocurrency addresses automatically, deceiving users to send money to the attacker, rather than the receiver. This method is similar to tactics used by North Korean hackers to steal $1.5 billion from the crypto exchange Bybit earlier this year.

Crypto developers quickly noticed the attack. @0x_ultra shared that packages like Chalk, with over 2 billion weekly downloads, were compromised and could steal private keys.

The impacted developer verified the attack, saying that phishing emails that pretended to be NPM threatened to lock accounts of maintainers to tempt them to visit rogue websites. However, at the time of reporting, the attacker only managed to steal $498.

What Users Should Do

The compromised packages were reportedly patched around 15:15 UTC. However, websites and apps that updated dependencies recently might still be at risk. 

Further, Uniswap, Metamask, Ledger, OKX Wallet, Sui, Aave and Morpho have stated that they were “not affected” by the NPM supply chain attack.

Guillemet also reassured users that those using hardware wallets with clear signing are safe. Developers are encouraged to verify all the dependencies and make sure that they are not using the compromised versions.

This attack is being described as possibly the biggest supply chain attack in history, and it is a reminder of the increasing risks in the software ecosystem and the role of security in crypto transactions.

Also Read: SwissBorg Crypto Platform Loses $41M Solana in Major Security Breach





Source link

0 comments
0 FacebookTwitterPinterestEmail
DOGE (Virginia Marinova/Unsplash)
GameFi Guides

Ledger CTO Warns of NPM Supply-Chain Attack Hitting 1B+ Downloads

by admin



Charles Guillemet, chief technology officer at hardware wallet maker Ledger, warned on X on Monday that a large-scale supply chain attack is underway after the compromise of a reputable developer’s Node Package Manager (NPM) account.

According to Guillemet, the malicious code — already pushed into packages with over 1 billion downloads — is designed to silently swap crypto wallet addresses in transactions. That means unsuspecting users could send funds directly to the attacker without realizing it.

Guillemet did not name the developer whose account he said was compromised.

The incident underscores how deeply interconnected open-source software is and why security lapses in developer tools can ripple into the crypto economy almost instantly.

🚨 There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk.

The malicious payload works…

— Charles Guillemet (@P3b7_) September 8, 2025

“NPM is a tool commonly used in software development using JavaScript, which makes integrating packages easy for developers,” said Guillemet in a message to CoinDesk. When an attacker compromises a developer’s account, they can slip malicious code into widely used packages.

“The malicious code attempts to drain users by swapping addresses used in transaction or general on-chain activity and replacing them with the hacker’s address,” Guillemet added.

Guillemet stressed that if any decentralized application or software wallet across any blockchain includes these JavaScript packages, then they could be compromised, and crypto users could therefore lose their funds.

“The only sure way to combat this is to use a hardware wallet with a secure screen that supports Clear Signing,” said Guillemet to CoinDesk. “This will allow the user to see exactly which addresses funds are being sent to and ensure they match the intended addresses.”

“Hardware wallets without secure screens and any wallet that doesn’t support Clear signing is at high risk as it is impossible to accurately verify the transaction details are correct,” he added.

“It’s an opportunity to remind everyone: always verify your transactions, never blind sign, use a hardware wallet with a secure screen, and Clear Sign everything,” Guillemet said.

Read more: Ledger CTO Addresses Criticism of New Wallet Recovery Service





Source link

0 comments
0 FacebookTwitterPinterestEmail
Ripple CTO Praises XRP Wallet for Swift Reaction to Supply Chain Attack
NFT Gaming

Ripple CTO Praises XRP Wallet for Swift Reaction to Supply Chain Attack

by admin


David Schwartz, chief technology officer at Ripple, has praised Xaman, a popular XRP wallet, for swiftly reacting to a large-scale supply chain attack on the Node Package Manager (NPM) ecosystem. 

A reputable developer’s NPM account was recently compromised, and widely JavaScript packages ended up being infected with malicious code. 

The malware specifically targets cryptocurrency wallets such as MetaMask in order to redirect the funds of uninitiated crypto users to the attackers by secretly swapping addresses. 

You Might Also Like

As reported by U.Today, Ledger CTO Charles Guillemet has urged crypto users who do not have hardware wallets with clear signing to temporarily stop conducting on-chain transactions. 

Xaman’s reaction 

The team behind the Xaman wallet immediately conducted an audit, which showed that it was safe for users. 

XRPL Labs co-founder Wietse Wind Supply has noted that chain attacks are becoming “more and more common.”



Source link

0 comments
0 FacebookTwitterPinterestEmail
Decrypt logo
GameFi Guides

‘CopyPasta’ Attack Shows How Prompt Injections Could Infect AI at Scale

by admin



In brief

  • HiddenLayer researchers detailed a new AI “virus” that spreads through coding assistants.
  • The CopyPasta attack uses hidden prompts disguised as license files to replicate across code.
  • A researcher recommends runtime defenses and strict reviews to block prompt injection attacks at scale.

Hackers can now weaponize AI coding assistants using nothing more than a booby-trapped license file, turning developer tools into silent spreaders of malicious code. That’s according to a new report from cybersecurity firm HiddenLayer, which shows how AI can be tricked into blindly copying malware into projects.

The proof-of-concept technique—dubbed the “CopyPasta License Attack”—exploits how AI tools handle common developer files like LICENSE.txt and README.md. By embedding hidden instructions, or “prompt injections,” into these documents, attackers can manipulate AI agents into injecting malicious code without the user ever realizing it.

“We’ve recommended having runtime defenses in place against indirect prompt injections, and ensuring that any change committed to a file is thoroughly reviewed,” Kenneth Yeung, a researcher at HiddenLayer and the report’s author, told Decrypt.

CopyPasta is considered a virus rather than a worm, Yeung explained, because it still requires user action to spread. “A user must act in some way for the malicious payload to propagate,” he said.



Despite requiring some user interaction, the virus is designed to slip past human attention by exploiting the way developers rely on AI agents to handle routine documentation.

“CopyPasta hides itself in invisible comments buried in README files, which developers often delegate to AI agents or language models to write,” he said. “That allows it to spread in a stealthy, almost undetectable way.”

CopyPasta isn’t the first attempt at infecting AI systems. In 2024, researchers presented a theoretical attack called Morris II, designed to manipulate AI email agents into spreading spam and stealing data. While the attack had a high theoretical success rate, it failed in practice due to limited agent capabilities, and human review steps have so far prevented such attacks from being seen in the wild.

While the CopyPasta attack is a lab-only proof of concept for now, researchers say it highlights how AI assistants can become unwitting accomplices in attacks.

The core issue, researchers say, is trust. AI agents are programmed to treat license files as important, and they often obey embedded instructions without scrutiny. That opens the door for attackers to exploit weaknesses—especially as these tools gain more autonomy.

CopyPasta follows a string of recent warnings about prompt injection attacks targeting AI tools.

In July, OpenAI CEO Sam Altman warned about prompt injection attacks when the company rolled out its ChatGPT agent, noting that malicious prompts could hijack an agent’s behavior. This warning was followed in August, when Brave Software demonstrated a prompt injection flaw in Perplexity AI’s browser extension, showing how hidden commands in a Reddit comment could make the assistant leak private data.

Generally Intelligent Newsletter

A weekly AI journey narrated by Gen, a generative AI model.



Source link

0 comments
0 FacebookTwitterPinterestEmail
Close