Latest news with #exploit

DeFi Protocol CrediX Taken Offline After $4.5M Exploit

Yahoo

05-08-2025


Sonic-based decentralized finance (DeFi) protocol CrediX Finance was taken offline after being struck by a $4.5 million exploit. The protocol, which has been live for less than a month, revealed there was a "security breach" at 9:10 UTC on Monday. The website was taken offline to prevent users from depositing. Blockchain security firm CertiK said all the stolen funds were bridged from Sonic to Ethereum and now sit in three separate wallets. The method of attack remains unclear, but it's worth noting that multi-sig wallet breaches became the most common attack vector in the first half of 2025, contributing to a total of $3.1 billion lost to hacks during that period. "All users funds will be recovered in full within 24-48 hours," CrediX wrote on X to quell the concerns of investors who were unable to access the website.

Critical Zero-Day Exposes FTP Servers To Attack

Forbes

21-07-2025


CrushFTP confirms zero-day exploit.

Some weeks start better than others. If you are a member of an enterprise security team or a sysadmin, this week is not one of them. First, there was the news over the weekend from Microsoft that on-premises SharePoint servers were under global attack from a critical zero-day exploit for which there was no patch. Thankfully, an emergency update has now been released, but the bad news is that this alone will not be enough to stop the ongoing attacks. The bad news gets worse as CrushFTP has confirmed that another critical zero-day vulnerability, affecting all platforms, has been exploited by remote hackers, enabling them to gain admin access as a result. Here's what you need to know, and do, about the CVE-2025-54309 FTP server attacks.

CVE-2025-54309 FTP Server Zero Day Exploit Confirmed

A public security advisory from FTP vendor CrushFTP has confirmed that a critical zero-day vulnerability, tracked as CVE-2025-54309, has been seen in the wild. Stating that the exploit was first observed on July 18, CrushFTP admitted that 'possibly it has been going on for longer,' as it impacts builds prior to CrushFTP code updates on July 1. 'Hackers apparently reverse engineered our code and found some bug which we had already fixed,' the advisory warned, and they are 'exploiting it for anyone who has not stayed current on new versions.'

It would appear that the attack vector employed by the hackers was HTTP(S), with the National Vulnerability Database describing CVE-2025-54309 as being exploited 'when the DMZ proxy feature is not used,' leading to a mishandling of the Applicability Statement 2 protocol for transmitting messages. This 'consequently allows remote attackers to obtain admin access via HTTPS,' the National Institute of Standards and Technology, an agency of the United States Department of Commerce, explained.

'Based on the Indicators of Compromise provided in the advisory, a "last_logins" value set for the internal "default" user account is indicative of exploitation,' Ryan Emmons, an offensive security engineer and vulnerability researcher at Rapid7, said.

'As always, we recommend regular and frequent patching,' CrushFTP advised, adding that any users who were up to date would not have been impacted by the exploit. 'Enterprise customers with a DMZ CrushFTP in front of their main are not affected by this,' the statement added.

Find Your Breakthrough Marketing Channel: Explore Then Exploit

Forbes

25-06-2025


You have an insane work ethic and that's dangerous. You're perfectly capable of going into hiding and executing on your ideas without coming up for air. But stop. Where marketing is concerned, this isn't the way. Most founders do marketing wrong when the right way is simple. With every channel, think of yourself as either exploring or exploiting. Exploring to see what works before you fully commit; exploiting to double down and give it all you've got. Don't absent-mindedly dabble in new channels while half-heartedly maintaining old ones.

I've watched entrepreneurs burn through marketing budgets straddling strategies. They throw money at Facebook ads one month, switch to LinkedIn outreach the next, then decide content marketing is the answer. Either they don't stick with anything long enough to know if it works, or worse, they stick with something that isn't working for too long, just because it's familiar. So many mistakes, and only one solution. Explore intentionally. Then stop what isn't working, and double down on what is.

Understanding the explore or exploit framework for marketing success

Smart marketers explore systematically until they find winning combinations, then exploit those wins until returns drop. They test, measure, and scale based on data.

Exploration feels uncomfortable because nothing works perfectly. But it's essential. Run small tests across multiple channels: Google Ads, organic social, email campaigns, partnerships. Each test teaches you something about your market. Maybe LinkedIn posts get engagement but no leads. Perhaps webinars attract the wrong audience. It's not failing if you're learning. Set exploration budgets and timelines before you start. Give each channel 30-60 days and enough budget for meaningful results. Track everything: cost per lead, conversion rates, customer lifetime value. When a channel shows promise, run a bigger test to confirm. Most founders quit during exploration because they expect immediate wins. The winners understand exploration is an investment in finding your predictable revenue engine.

When you've found an outperforming channel that delivers quality leads at acceptable costs, exploit it. But it's not just a case of throwing all your cash into it. Not just yet. Test different ad copy, landing pages, and targeting options. Improve conversion rates at every step. Scale spending gradually while maintaining efficiency metrics. Watch your numbers closely during exploitation. Set clear thresholds for cost per acquisition and return on ad spend, time or effort. When metrics slip, investigate immediately. Maybe the market's saturated, competition increased, or your message wore out. Don't cling to dying channels. Even proven strategies expire. Your cheese moves constantly. Extract maximum value before moving back to exploration mode.

Staying in exploration too long means failing to capitalize on profitable channels. Exploiting too early means scaling losing campaigns or overlooking opportunities. Most founders make emotional decisions, but data should drive your choices. If three channels show similar promise after testing, pick just one to exploit first. Create clear triggers for mode switching. Move from explore to exploit when you find a channel delivering leads in line with your target cost per acquisition. Switch back to exploration when your best channel's performance drops 30% despite optimization efforts. Some founders never leave exploration mode because they're addicted to novelty. Others exploit dead channels because change feels risky.

Random testing wastes money. So start with your ideal customer profile. Where do they spend time online? What problems keep them awake? What solutions have they already tried? Use their feedback to prioritize channels and write messaging that resonates. Your customers are telling you what they want.

Document every test. Most platforms will give you the key metrics, but to compare, you need a master spreadsheet. Track channel, budget, timeline, messages tested, and results. Review patterns monthly. Maybe video content consistently outperforms text across channels. Perhaps testimonials beat feature-focused messaging. These insights compound over time. Soon you'll spot winning combinations faster because you understand what your market responds to.

Balance both modes for sustainable growth

Markets change. Platforms evolve. Customer behaviors shift. Companies that stop exploring eventually watch others in their field eat their lunch. Those that never exploit struggle to grow. Know when to search and when to scale. Don't fail trying both simultaneously, achieving neither. Pick your mode. Set clear criteria for switching. Execute with focus until data tells you otherwise. Marketing is a system to explore with purpose and exploit with discipline. Let's get going.

Hackers discover Nintendo Switch 2 exploit one day after launch — minor hack allows running custom code on top of OS

Yahoo

07-06-2025


Some enterprising hackers have already discovered an exploit on the just-launched Nintendo Switch 2. Bluesky user David Buchanan was the first to show off the exploit, where he apparently discovered a weakness in the console's shared library. This technique, called a userland Return-Oriented Programming (ROP) exploit, allows Buchanan to manipulate a program by overwriting its return address so that it points to another piece of code. When chained together, this can force the system to work in an unintended manner — in this case, display custom checkerboard graphics.

Since this is only a userland exploit, it only runs on the user level and does not affect the Switch 2's kernel, nor does it give you root access to the device. Buchanan said that this has no practical purpose, meaning this won't jailbreak the console and allow users to modify it in unintended ways. They even admitted that they can't prove that they're running an exploit instead of just playing a YouTube video, although other developers and modders have confirmed that the exploit does exist.

The Japanese gaming giant is known for proactively protecting its intellectual property rights. It has gotten to the point that the company said it may brick your console if you use it to modify Nintendo Account Services, and the Switch 2 user agreement is pretty firm about not modifying software. Since the Switch 2 has just been released, it will likely take weeks, months, or even years before someone discovers a way to defeat the company's built-in protections on the handheld. If and when someone finally jailbreaks the Nintendo Switch 2 and creates a custom homebrew OS, we can then see how Nintendo will react.
