Paradigm researcher: Twitter security vulnerability now fixed

Paradigm researcher Samczsun posted on social media that the security vulnerability reported by Twitter this morning has been fixed. The technical summary is as follows:

Reflected XSS and CORS/CSP bypass in Twitter subdomains allow arbitrary requests to the Twitter API as a local authenticated user.

BlockBeats previously reported that earlier today, Chaofan Shou, co-founder of fuzzland and a doctoral student at the University of California, Berkeley, posted that a critical vulnerability had appeared in Twitter. This vulnerability allows hackers to gain full access to user accounts with just one click of a link. This means that hackers can tweet, retweet, like, block, etc., but cannot change user passwords.

Comments

All Comments

Recommended for you

MIIX Capital ·

MIIX Capital: io.net Research & Analysis Report

io.net is a decentralized GPU network for ML computing, valued at $1 billion, expected to reach over $5 billion in the bull market cycle.
NFTScan ·

NFT 101: What Is NFT Perps Trading?

NFT Perpetual Futures (NFT Perps) is a new type of derivative that allows investors to trade NFTs with better liquidity.
NFTScan ·

X Space Recap: Web3 Users’ Crypto Asset Security in the New Asset Protocol Boom

In the new asset protocol trend and the rapid development of the NFT ecosystem, with various new gameplay emerging, how Web3 users can effectively protect their crypto assets has become a new challenge.
Shenyu: Up to one billion users' cloud input methods may have leaked input content. Please take immediate measures to reduce the risk.

On April 29th, Cobo co-founder and CEO Shen Yu wrote on X platform that the cloud input method used by up to one billion users may have leaked input content. If you have entered mnemonic words or other sensitive information through any of the following cloud input methods, please take immediate measures to reduce the risk.
Chainlink ·

What Is Tokenization?

Tokenization is the process of creating a digital representation of an asset by issuing a blockchain-based token.
Cointime精选 ·

A Superior Onboarding Experience: Overtime Markets Integrates Particle Network’s Wallet Abstraction

Overtime Markets is a decentralized, permissionless sports market on the Arbitrum, Base and Optimism L2s. It’s developed on top of the Thales protocol, a permissionless, order book-based peer-to-peer Positional Markets platform powered by Chainlink price feeds.
SlowMist: Beware of watering hole attacks launched by malicious attackers using WordPress plugin vulnerabilities

SlowMist Security has issued a warning that attackers have recently been exploiting vulnerabilities in WordPress plugins to inject malicious JS code into normal websites and launch watering hole attacks. These attacks involve popping up malicious windows when users visit the site, deceiving them into executing malicious code or performing Web3 wallet signatures, thereby stealing their assets. It is recommended that sites using WordPress plugins check for vulnerabilities, update plugins in a timely manner, and avoid being attacked. When visiting any website, users should carefully identify the downloaded programs and Web3 signature content to avoid downloading malicious programs or having their assets stolen due to malicious signatures.
Unverified Ember Sword NFT auction contract vulnerability has caused nearly $200,000 in losses

Certik has discovered a vulnerability in the unverified Ember Sword NFT auction contract, which has earned 60 WETH (approximately $195,000) from 159 victims who approved the contract. Certik reminds users to revoke their approval of the relevant contract on Polygon.
Cointime精选 ·

Making Ether A Better Money

In its current form, Ether (ETH) is not a good form of money. This is due to one critical limitation: its value is highly unstable. However, ETH can become stable by adjusting the rewards to validators (and thus the supply of ETH) to changes in demand for ETH. We can target a 0% inflation rate while ensuring validators are paid sufficiently to ensure network security. This new monetary policy can be called Stable Ether Monetary Policy (SEMP). With SEMP, ETH holders would have a great currency, and ETH validators would have exposure to the adoption of ETH.
zkSync ecological lending platform xBank Finance suspected of RUG

xBank Finance, a zkSync ecosystem lending platform, was suspected of being a RUG, and the protocol's TVL was close to zero. The project's official Twitter account has been frozen.