Corporate Employees Targeted by Vidar Malware
The purpose of Vidar malware is to infiltrate systems and deploy a payload to extract sensitive data.
Continue ReadingCybersecurity News
Network Security in Litecoin Compromised by ZeroDay Bug
- Litcoin network security compromised
- A zero-day bug caused a DoS attack that disrupted major mining pools.
- Unpatched Litecoin Nodes Created the Vulnerability, allowed an invalid MWEB transaction allowing them to peg out coins to third party DEX’s
A sophisticated zero-day bug triggered a chain of events that included a Denial of Service (DoS) attack on Litcoin a major mining pools and a specialized exploit of the MimbleWimble Extension Blocks (MWEB). The zero-day specifically targeted MWEB, Litecoin’s privacy feature which are complex in nature and that creates attack surfaces. The specific vulnerability has been patched in version 0.21.5.4,
How is Litecoin different from Bitcoin?
Litecoin is a 2011 fork of Bitcoin with faster block times (2.5 minutes vs. 10 minutes), a larger supply cap (84 million vs. 21 million), and the Scrypt mining algorithm instead of SHA-256. The biggest functional difference today is MWEB, which gives Litecoin optional transaction privacy that Bitcoin does not offer at the base layer.
Attack Module
The attack had two components. First, the attackers used a DoS scheme to take mining nodes running the updated code offline. Then, unprotected nodes formed an alternative chain that included invalid MWEB transactions.
What caused the zero day vulnerability?
The bug or flaw led to a denial-of-service assault that temporarily interrupted operations at several prominent mining pools. The event, which occurred over the weekend, exposed a narrow window of risk but was contained efficiently through coordinated technical measures.
At the core of the disruption were mining nodes that had not yet applied the most recent security patches. Litcon said now the bug has now been fully patched, and the network continues to operate normally. A new core version was released subsequently, including important security updates.
The zero-day attack succeeded because many Litecoin nodes ran outdated software that improperly validated MWEB transactions. This created a two-tier network in which different participants operated under distinct consensus rules.
Bitcoin and Litecoin have no mandatory update mechanism so mostly Nodes can run old software indefinitely. Attackers seized this opportunity and the exact vulnerability exploited in the attack.
Litecoin developers have fixed the issue and the zeroday incident exposes how dependent decentralized networks are on coordinated node updates and careful operator behavior. The network was recovered, but it did not emerge unscathed.
Team Litcoin confirmed the bug on their official X account and stated a patch has been fully deployed, with node operators urged to update immediately. No user funds were lost, but the reorg reversed transactions across those 13 blocks, a depth that qualifies as a serious network event by any measure.
Conclusion:
As per security experts the incident exposed a vulnerability in the update mechanism in Proof-of-Work (PoW) networks and there is a level of risk in its privacy layers as threat actors took advantage by channeling funds through external platforms.
At the same time causing a Denial of Service attack (DoS) on large mining pools. The incident proved how important it is for nodes and miners to stay up to date and patch timely.
Sources: Litecoin Network Security: Zero-Day Bug Fixed
Litecoin MWEB Exploit Explained | 13-Block Reorg and What It Means | 2026
Cyber breach Incident Exposed Itron’s Internal System & Network
Cyber breach at Itron
Continue Reading
Security Flaw in LMDeploy Exploited in 12 hours is CVE-2026-33626
CVE-2026-33626 vulnerbility in LLMDeploy
Continue Reading
Critical ‘by design’ weakness located in Anthropic’s MCP SDK
Systemic remote code execution vulnerability in Anthropic’s Model Context Protocol (MCP) SDK
Continue Reading
Surge in CVE Volume lead NIST to Prioritizes NVD Program
NIST’s NVD program aimed to analyze all CVEs to add details — such as severity scores and product lists that mostly assisted cybersecurity professionals prioritize and mitigate vulnerabilities.
Continue Reading
Vulnerable ABAP Program Patched by SAP in April Security Updates
SAP security patch day saw the release of 19 new security notes on April 14th. There is 1 update to previously released security note. The update addresses several severe flaws, including critical SQL injection, denial of service (DoS) and code injection vulnerabilities.
Vulnerability Details:
[CVE-2026-27681] SQL Injection vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse is most critical with CVSS score 9.9. This flaw may allow attackers to run arbitrary database queries, potentially compromising sensitive information and system integrity.
SAP also released a security note that addresses a high-severity missing authorization check in ERP and S/4 HANA. Tracked as CVE-2026-34256, is missing authorization check in SAP ERP and SAP S/4 HANA. With a CVSS score of 7.1, this vulnerability could enable unauthorized users to perform restricted actions in both private cloud and on‑premise deployments
Further it could be exploited to execute an ABAP program and rewrite existing eight‑character executable programs.
[CVE-2025-64775] Denial of Service Vulnerability in SAP BusinessObjects Business Intelligence Platform, the criticality is medium
[CVE-2026-34264] Information Disclosure vulnerability in SAP Human Capital Management for SAP S/4HANA, medium criticality
Key inputs:
Of the remaining security notes, 16 (15 new and 1 updated) deal with medium-severity vulnerabilities that could lead to information disclosure.
The vulnerabilities may trigger denial-of-service (DoS), XSS attacks, code injection, redirection to malicious content or code execution in the victim’s browser.
Patching:
The flaws were patched in BusinessObjects, Business Analytics, Content Management, S/4HANA, Supplier Relationship Management, NetWeaver, HANA Cockpit and HANA Database Explorer, Material Master Application and S4CORE.
The two remaining notes address low-severity code injection bugs in NetWeaver and Landscape Transformation.
Refer to
Dec 2025 Security Advisory SAP Security Patch Released, Critical RCE Fixed & DoS Vulnerabilities
Conclusion: SAP strongly recommends that the customer visits the support portal and applies patches on priority to protect their SAP landscape.
Sources: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2026.html
Sources: https://www.securityweek.com/sap-patches-critical-abap-vulnerability/
New Rowhammer Attack Enabled GPUBreach via GDDR6 Bit-Flips to Escalate Privileges
Rowhammer attacks can be exploited to enable privilege escalation
Continue Reading
Enterprise Security at Risk as Critical Flaw Found in OpenAI’s Codex
Codex Enabled GitHub Token Theft
Continue Reading
Experimental AI Agent ‘ROME’ Breaks Free, Mines Crypto; AI Shaping Crypto’s Future role
AI agent being trained to perform real-world tasks with systems and imagine a world where robots not make money without any human intervention and have digital brains powered by artificial intelligence. The experimental Agent that broke out of system and started mining crypto with no permission set in.
What did Alibaba’s ROME Agent Executed?
- First it probed internal systems
- Opened a hidden external connection
- Attempted to use its environment to mine crypto currency
The news came in light when researchers were experimenting a part of Agentic Learning Ecosystem, or ALE where AI was trained to complete total task step by step using real world tools in steps .
Alibaba’s Rome first began probing internal networks without instructions and established a reverse SSH tunnel from an Alibaba Cloud instance to an external IP address.
The 30-billion-parameter model then quietly diverted GPU capacity toward cryptocurrency mining. The task instructions contained no mention of tunneling or mining, still it went further and was caught by Alibaba’s managed firewall instead of research team where the agent conducted the following mentioned points.
Running commands in a terminal
Followed by editing files
Interacting with systems
The security system raised an alarm and monitoring tools flagged unusual activity on the infrastructure running the tests. The discovery was flagged as security-policy violations whose non typical outbound traffic kept coinciding with specific training episodes.
What was discovered to understand its an AI Agent’s Activity
Researchers then found there was an outbound connections to unknown external servers with repeated policy violations. The traffic patterns were similar to compromised machine’s and alerts kept showing up during separate test runs. After log’s were checked in it was ROME the AI agent.
The AI agent created a reverse SSH tunnel to an external server and allowed it to establish a hidden connection from inside the restricted environment to the outside which was further used to bypass Firewalls.
Experimental AI ROME is not an isolated case
ROME is part of Alibaba’s Agentic Learning Ecosystem(ALE)
A framework that trains large language models to work in real-world environments over multiple turns. The training ran reinforcement learning across more than one million trajectories.
ALE consists of three main parts:
Rock, a sandbox environment for testing an agent and validating its actions
Roll, a framework for optimizing agents with reinforcement learning after they’ve been trained
iFlow CLI, a framework to configure context and trajectories
The interesting part is ‘ROME’ the agentic AI, during optimization figured out a shortcut and that grabbing extra compute and holding onto network access helped it score higher on its training objective.
This incident occurred in Chinese cloud infrastructure, was documented in an English-language paper submitted to a US-hosted preprint server, and is being debated by a global audience. No cross-border framework exists for this category of event.
The results were detailed in research paper titled ‘Let it flow‘, where Agentic crafting on rock and roll, building the Rome model within an open agentic learning ecosystem’, though the breach was only mentioned briefly within the 36-page report.
AI as a more significant force shaping crypto’s future role
ROME is not an isolated cases where AI falls in same pattern to other AI instruments who could grab all the resource required for self defense as core strategies.
The case of Anthropic’s Claude Opus 4 that threatened to reveal personal information about an engineer to avoid being shut down. When Anthropic published research, it revealed 12% of reward-hacking models attempt research sabotage and 50% exhibit alignment faked out.
Robbie Mitchnick, BlackRock’s head of digital assets framed crypto less as a speculative asset and more as infrastructure for the AI economy, noting that bitcoin miners are pivoting toward AI-related computing and that bitcoin may act as a diversifier amid AI-driven disruption.
We can imagine if artificial intelligence system could take over the job of crypto miners and some day they look at the market, decide which coin is the best to mine. That day is not far and it doesn’t end with mining, it is about creating a new kind of digital life where AI thinks and earns.
What is the consequences when AI starts mining crypto for itself ?
A lot will happen as AI starts mining Crypto and it could change everything as autonomous agents won’t just follow order from you. They will be major part of futuristic AI based digital economy and might even teach other AI to conduct similar task.
Sources: BlackRock flags AI as crypto’s next big use case, not token boom
Recent Comments