Security researcher Doyeon Park disclosed a CVSS 7.1 zero-day in Cosmos' CometBFT causing potential node freezes during sync; vendor resistance, downgrades, and disclosure led to April 21 reveal; validators should avoid restarts before patch. Abstract: Security researcher Doyeon Park disclosed a critical CVSS 7.1 zero-day vulnerability in Cosmos' CometBFT consensus layer that could cause nodes to freeze during block synchronization, potentially affecting networks securing over $8 billion in assets. The vulnerability cannot directly steal funds. Park pursued coordinated disclosure beginning Feb 22, but faced vendor resistance to public disclosure and issues with HackerOne. The vendor downgraded a related vulnerability (CVE-2025-24371) to informational on Mar 6, prompting Park to release a network-level proof-of-concept before public disclosure on Apr 21. The advisory recommends Cosmos validators avoid restarting nodes until patches are released; nodes already in consensus may continue but restart and resync could expose them to attacks by malicious peers, risking deadlock.

SlowMist team researchers discovered a privilege escalation and command execution vulnerability CVE-2025-64755 in Anthropic's Claude Code, allowing attackers to execute commands without authorization. A related PoC has been publicly released, and hackers have already exploited this vulnerability to attack crypto users.

Recently, a high-severity security vulnerability disclosed in React server components has raised significant industry concern. The vulnerability, numbered CVE-2025-55182 and also known as React2Shell, has been actively exploited by multiple threat groups, affecting thousands of websites including cryptocurrency platforms, putting user assets at direct risk. This vulnerability allows attackers to execute remote code on affected servers without authentication. The React team publicly disclosed the issue on December 3rd, rating its severity at the highest level. Subsequently, Google Threat Intelligence Group (GTIG) confirmed that the vulnerability has been rapidly weaponized in real-world environments, involving both profit-motivated hackers and suspected state-sponsored attacks, targeting cloud-deployed, unpatched React and Next.js applications.

Recently, a type of front-end attack targeting cryptocurrency users has been spreading rapidly. According to the cybersecurity non-profit organization Security Alliance (SEAL), hackers are exploiting a newly discovered vulnerability in the open-source front-end JavaScript library React to implant cryptocurrency theft programs into legitimate websites, with a significant increase in related attack cases. React is one of the most mainstream web front-end frameworks currently, widely used to build various websites and web applications. On December 3rd, React's official team disclosed that a serious security vulnerability, numbered CVE-2025-55182, was discovered by white-hat hacker Lachlan Davidson. This vulnerability allows unauthenticated remote code execution, enabling attackers to inject and execute malicious code on the website's front end.