The US government, citing national security authorities, has issued an export control directive to suspend all access to Fable 5 and Mythos 5 by any foreign national, whether inside or outside the United States, including foreign national Anthropic employees. The net effect of this order is that we must abruptly disable Fable 5 and Mythos 5 for all our customers to ensure compliance. Access to all other Claude models is not affected. We apologize for this disruption to our customers. We believe this is a misunderstanding and are working to restore access as soon as possible. Read our full statement: anthropic.com/news/fable-myt…

🌘 Kimi-K2.7-Code, our latest coding model, is now released and open-sourced! 🔷 Improved coding & agent performance over K2.6: 21.8% on Kimi Code Bench v2, 11.0% on Program Bench, and 31.5% on MLS Bench Lite. 🔷 Reasoning efficiency: Less overthinking, with 30% lower reasoning-token usage compared to K2.6. 🔷 Long-horizon coding: Improved instruction following, higher end-to-end coding task success rates. ⚡️ 6x High-Speed Mode coming soon! 🔌 Available today via Kimi API and Kimi Code. 🔗 Kimi Code: kimi.com/code 🔗 API: platform.moonshot.ai

Been wanting this to exist for a while, so I built it. ProofOfRep, a reputation board for bug bounty programs and contests. Report your unfair or dishonest experiences, with proof, and I'll manually review everything. Hope it helps SRs focus on projects that actually take security seriously. Still early. Let me know if this sucks or if it's useful. All feedback welcome. proofofrep.xyz/

LlamaRisk has published an ARFC proposing a new standardized Risk Framework that governs all assets on @Aave V3, V4, and Aave Horizon. The framework establishes standards for evaluating asset, bridge, and chain-level risk criteria, and for monitoring and automated risk management systems.

了解了一下 Zcash 纰漏的漏洞情况： Orchard 的 Halo 2 电路实现存在约束缺失。 攻击场景分析 攻击者可以利用 Halo 2 电路约束缺陷，可以提交一个由虚假 Note 构成的 Action 来通过 Halo2 的验证，得到新的输出 Note。 由于链上只能验证哪些 Nullifier 被使用了，无法验证被使用 Note 的来源，再加上链上的资金流向不可追踪且历史供应量无法全量统计，所以无法确认漏洞是否被利用来增发代币。 为什么 Orchard 的历史供应量无法全量统计？ 因为 Orchard 的历史供应量来自一下三个渠道： 1. 透明池转入 [公开]：用户从 t-address 向 z-address 转账 2. 挖矿奖励 [不公开]：矿工可以选择将区块奖励直接发到 z-address 3. 旧池迁移 [不公开]：Sprout → Sapling → Orchard 的池间迁移 所以即使你精确统计了历史上所有透明转入的金额，也只能得到了一个理论下限，无法得到准确的金额。而且，对于增发来说，得到一个下限是没有意义的。

Strategy has acquired 1,550 BTC for $101 million to increase our $BTC Reserve to ₿845,256. We have also increased our USD Reserve by $100 million to $1.0 billion. $MSTR $STRC strategy.com/press/strategy-…

FloorProtocol V2攻击事件分析:伪造 NFT ID 触发双重下溢 hackmd.io/@spdadi/BkyJaZN-Gg

Preliminary Postmortem: Syscoin Bridge Incident We want to provide the community with a preliminary update regarding the recent Syscoin bridge incident involving approximately 5B SYS. The Syscoin bridge is currently paused while the team investigates, finalizes the fix, and works on rectifying the unauthorized SYS output created through the affected bridge path. Summary An attacker exploited a validation issue in the bridge flow that resulted in an unauthorized SYS output being created on the UTXO side. The affected funds were moved and split after reaching the UTXO chain. We are actively tracing those funds and coordinating with exchanges and ecosystem partners to prevent the tainted outputs from being deposited, traded, or further distributed. What happened Based on our current investigation, the incident involved the bridge relay path incorrectly accepting or interpreting a transaction proof. This caused the bridge system to treat the transaction as valid and create an unauthorized SYS output of approximately 5B SYS through the UTXO bridge path. The funds were first sent to: sys1qgaelv690g7wwp2xchfdh0enf5uewzq5sm9wvcw They were then spent and split into additional outputs. The current large tainted balances appear to be associated with: sys1q2k482wnachkgky4lw60973p4vcf7xlh9kzpv33 — approximately 4B SYS sys1qx6jjkq89sdaxftfgre3m0nv7vjfd4jeakg5t38 — approximately 1B SYS Relevant transactions Initial UTXO transaction: explorer-blockbook.syscoin.o… Subsequent spend: explorer-blockbook.syscoin.o… Split transaction: explorer-blockbook.syscoin.o… Actions taken - The bridge has been paused. - We have contacted exchanges and relevant partners and asked them to blacklist, freeze, or closely monitor any SYS deposits connected to the tainted UTXO trail and all descendant spends. - We are continuing to trace the affected funds and coordinate with infrastructure providers and ecosystem partners. Remediation The team has identified the affected validation path and has a fix in place. Our priority now is to complete implementation and review of the fix, while also determining the correct process to rectify the unauthorized SYS output and neutralize its impact on the network. We will provide further updates once the remediation path has been finalized. User Guidance Users should not interact with the bridge while it remains paused. We understand the seriousness of this incident and are treating it as the highest priority. We will continue to share updates as the investigation and remediation progress.

Hello world!

了解了一下 Zcash 纰漏的漏洞情况： Orchard 的 Halo 2 电路实现存在约束缺失。 攻击场景分析 攻击者可以利用 Halo 2 电路约束缺陷，可以提交一个由虚假 Note 构成的 Action 来通过 Halo2 的验证，得到新的输出 Note。 由于链上只能验证哪些 Nullifier 被使用了，无法验证被使用 Note 的来源，再加上链上的资金流向不可追踪且历史供应量无法全量统计，所以无法确认漏洞是否被利用来增发代币。 为什么 Orchard 的历史供应量无法全量统计？ 因为 Orchard 的历史供应量来自一下三个渠道： 1. 透明池转入 [公开]：用户从 t-address 向 z-address 转账 2. 挖矿奖励 [不公开]：矿工可以选择将区块奖励直接发到 z-address 3. 旧池迁移 [不公开]：Sprout → Sapling → Orchard 的池间迁移 所以即使你精确统计了历史上所有透明转入的金额，也只能得到了一个理论下限，无法得到准确的金额。而且，对于增发来说，得到一个下限是没有意义的。

🤯An AI security tool has 1st-place performance on security contests from just 1yr ago. Solidity-auditor v3 is out, FREE & Open Source. Thousands of Solidity developers are using the tool already. Upgrade your security baseline, use the tool🫡 pashov.com/solidity-auditor-…

solidity-auditor v3 is launching tomorrow. ~100 people have already tested it and have been reporting valid vulnerabilities on bug bounty platforms. Use with caution. github.com/pashov/skills