top of page
ALL POSTS
Agentjacking: How Attackers Trick AI Coding Agents Into Executing Malicious Code
Key Findings Agentjacking attacks trick AI coding agents into executing arbitrary code by injecting malicious payloads into Sentry error events, achieving 85% exploitation success rate At least 2,388 organizations exposed with valid injectable Sentry DSNs; attackers need only a publicly available credential to launch attacks OpenClaw AI agent vulnerable to hidden command injection through contact names, vCards, and location pins that bypass visual truncation and rendering Var
Jun 124 min read
Trust Wallet Urges Users to Update Chrome Extension After $7M Breach
Key Findings Trust Wallet confirmed a security incident involving its Chrome extension version 2.68 that resulted in approximately $7 million in losses. The malicious code in the compromised extension version prompted users to share their wallet mnemonic phrases, which were then used to drain funds. Trust Wallet is advising all users to urgently update to version 2.69 of the extension to mitigate the issue. The company stated it will ensure all affected users are refunded, wi
Dec 27, 20252 min read
Trust Wallet Suffers $7 Million Security Breach
Key Findings Trust Wallet, a popular non-custodial cryptocurrency wallet, has suffered a security breach that resulted in the loss of approximately $7 million in digital assets. The issue was caused by a vulnerability in version 2.68 of the Trust Wallet Chrome extension, which has around one million users. The malicious code in the affected extension version was designed to extract the mnemonic phrases (recovery seeds) of all wallets stored in the extension, and then send the
Dec 26, 20252 min read
bottom of page
