If you enjoy my content and want to help keep it ad-free, please consider supporting my work through donations. Your contributions will allow me to dedicate more time to crafting in-depth articles and sharing even more valuable insights.

0x1191b7d163bde5f51d4d2c1ac969d514fb4f4c62 or officercia.eth - all supported EVM chains;

17Ydx9m7vrhnx4XjZPuGPMqrhw3sDviNTU or bc1q75zgp5jurtm96nltt9c9kzjnrt33uylr8uvdds - Bitcoin;

BLyXANAw7ciS2Abd8SsN1Rc8J4QZZiJdBzkoyqEuvPAB - Solana;

0zk1qydq9pg9m5x9qpa7ecp3gjauczjcg52t9z0zk7hsegq8yzq5f35q3rv7j6fe3z53l7za0lc7yx9nr08pj83q0gjv4kkpkfzsdwx4gunl0pmr3q8dj82eudk5d5v - Railgun;

TYWJoRenGB9JFD2QsdPSdrJtaT6CDoFQBN - TRX;

4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds - XMR;

DQhux6WzyWb9MWWNTXKbHKAxBnAwDWa3iD - Doge;

UQBIqIVSYt8jBS86ONHwTfXCLpeaAjgseT8t_hgOFg7u4umx - TON.

As a reminder, I'm also available for personalized OpSec audits and training sessions - tailored for individuals, projects, or entire teams. Thank you so much for your generosity and ongoing support!

• https://x.com/officer_cia/status/1973358613629485311?s=46

📱 Dangerous WhatsApp 0-Click Vulnerability

Researchers have identified a vulnerability in WhatsApp that allows an attacker to hack a device through a specially crafted malicious DNG file.

The attack occurs without any user interaction — the malicious message triggers automatically upon receipt.

This makes the vulnerability especially dangerous for data security and privacy in Web3.

🔗 Details

The exploit, demonstrated in a proof-of-concept (PoC) shared by the DarkNavyOrg researchers, is initiated by sending a specially crafted malicious (DNG) image file to a victim’s WhatsApp account.

As a “zero-click” attack, the vulnerability is triggered automatically upon receipt of the malicious message, making it particularly dangerous as victims have no opportunity to prevent the compromise.

This zero-click RCE vulnerability poses a severe threat to users of WhatsApp on multiple Apple devices, including iPhones, Mac computers, and iPads.

A successful exploit could grant an attacker complete control over a device, enabling them to access sensitive data, monitor communications, and deploy further malware. The stealthy nature of the attack means a device could be compromised without any visible indicators!

• https://x.com/officer_cia/status/1972673288712093948?s=46

#security #alert

• https://x.com/officer_cia/status/1972664625641496699?s=46

#ai

A threat actor stole 8 X Hypurr NFTs airdropped to compromised wallets on HyperEVM in the past hour profiting ~$400K

0x72785D42874E965086829eA789a703fe1a5238df

Source: @zachxbt

RT: https://x.com/officer_cia/status/1972359452746768894?s=46

#security

Victim: 0xa522572cf63e6ceed49db6c77cd9ec76c1d47d09

Network: hyperliquid

Attacker: 0x9bb54e918cca826f5ead55bf4641c693ce3ce316

Exploit: 0x19644bd811542069e36d70101d113f7ea1d9393d

Attack flow:

• The call trace shows a complex chain of delegatecalls through upgradeable proxies and price‐feed adapters culminating in a borrowing operation.
• The attacker appears to manipulate the collateral valuation (via multiple manipulated latestRoundData and getLastUpdateDetails calls) to trigger an undercollateralized borrow.
• The core exploit is executed in the vulnerable borrow() function (in the contract at 0xc627...13d6) where funds are transferred out via HyperliquidExtension::transfer to the attacker’s controlled Receiver.
• The final transfer of all funds to the Receiver indicates that the attacker drains the protocol using the borrow flow.

Source: @defimon_alerts

Rt: https://x.com/officer_cia/status/1972324317619691964

#security