# Vulnerability İlgili Makaleler

HTX Haber Merkezi, kripto endüstrisindeki piyasa trendleri, proje güncellemeleri, teknoloji gelişmeleri ve düzenleyici politikaları kapsayan "Vulnerability" hakkında en son makaleleri ve derinlemesine analizleri sunmaktadır.

How Dangerous is Mythos? Why Anthropic Decided Not to Release the New Model Publicly

Mythos, a new AI model developed by Anthropic, has demonstrated unprecedented capabilities in autonomously discovering and exploiting critical software vulnerabilities, including zero-day flaws, at a speed far surpassing human hackers—reducing tasks that took days or weeks to mere hours or minutes. This represents a significant escalation from merely assisting attacks to independently planning and executing complex cyber intrusions, such as breaching secure systems like Linux or chaining multiple vulnerabilities for sophisticated exploits. Due to these heightened risks, Anthropic decided against a public release, instead limiting access to select entities like government agencies, financial institutions (e.g., JPMorgan Chase, Goldman Sachs), and tech firms (e.g., Apple, Cisco) for defensive testing. The model’s ability to lower the barrier for cyber attacks, potentially enabling even low-skilled hackers to conduct advanced operations, has raised national security concerns, prompting urgent high-level meetings in Washington and warnings from officials. While AI may improve long-term security, it currently creates a "dark period" where offensive capabilities outpace defenses, exacerbating challenges in patching vulnerabilities quickly.

marsbit7 saat önce

How Dangerous is Mythos? Why Anthropic Decided Not to Release the New Model Publicly

marsbit7 saat önce

OpenClaw Goes Viral, Exposing 12 Types of Critical Vulnerabilities; MCP Protocol Security Benchmark Released

The rapid rise of OpenClaw and similar AI Agents highlights the growing security risks associated with the Model Context Protocol (MCP), a standard enabling models to interact with external tools. Researchers from Beijing University of Posts and Telecommunications introduced MSB (MCP Security Bench), a security benchmark identifying 12 types of attacks across MCP’s three core stages: task planning, tool invocation, and response handling. These include name collision, false errors, retrieval injection, and mixed attacks. Notably, more capable models are often more vulnerable, with an average attack success rate (ASR) of 40.35%. The study also proposes a new metric, Net Resilient Performance (NRP), to balance security and utility. MSB evaluates agents in real-world environments, demonstrating that attacks remain effective even when harmless tools are present. The work underscores the urgent need for robust safety measures as AI agents gain broader tool-use capabilities.

marsbit7 saat önce

OpenClaw Goes Viral, Exposing 12 Types of Critical Vulnerabilities; MCP Protocol Security Benchmark Released

marsbit7 saat önce

1 Billion DOT Minted Out of Thin Air, Yet Hacker Only Made $230,000

On April 13, a security breach occurred involving the Polkadot bridge on the Ethereum network, where an attacker exploited a replay vulnerability in the MMR proof mechanism of Hyperbridge’s ISMP protocol. By reusing a historically valid proof and pairing it with a malicious request, the attacker bypassed verification and gained admin and minting rights over the wrapped DOT contract on Ethereum. They then minted 1 billion wrapped DOT tokens—2,805 times the existing supply—and attempted to liquidate them. However, due to extremely low liquidity in the wrapped DOT market, the massive sell-off crashed the token’s price by 99.98%, from $1.22 to approximately $0.000128. The attacker ultimately exchanged the tokens for only about 108.2 ETH (worth roughly $237,000), with gas costs as low as $0.74. The same exploit had been used previously in attacks on MANTA and CERE tokens, resulting in a total loss of around $242,000. Polkadot confirmed that the incident only affected DOT bridged via Hyperbridge to Ethereum and did not impact the native Polkadot network or DOT on other bridges. Exchanges including Upbit and Bithumb temporarily suspended DOT deposits and withdrawals as a precaution. The event highlights ongoing vulnerabilities in cross-chain infrastructure and the critical role of liquidity in limiting actual damages during large-scale exploits. It also reflects a broader trend of increasing DeFi security incidents in early 2026.

marsbit04/13 10:10

1 Billion DOT Minted Out of Thin Air, Yet Hacker Only Made $230,000

marsbit04/13 10:10

Anthropic's 'Cry' Sparks Wall Street Panic! 27-Year-Old, Mythos Instantly Defeated by 8 AIs

Anthropic's announcement of Claude Mythos, an AI tool claiming to discover thousands of zero-day vulnerabilities—including a 27-year-old bug in OpenBSD—triggered alarm on Wall Street and prompted emergency meetings among financial regulators fearing systemic cyberattacks. However, independent tests revealed significant exaggerations in these claims. Researchers found that many reported vulnerabilities were in obsolete software or were impractical to exploit, and the findings relied on only 198 manual reviews. Furthermore, multiple smaller, open-source AI models (some with as few as 3 billion parameters) successfully identified the same critical flaws at a fraction of the cost, demonstrating that AI cybersecurity capability does not linearly scale with model size. Meanwhile, users reported severe performance degradation in Claude Opus 4.6, with reduced reasoning depth and increased API costs. Critics, including prominent hacker George Hotz, accused Anthropic of overstating risks for marketing purposes, creating a "wolf cry" scenario where hype overshadows reality.

marsbit04/12 08:03

Anthropic's 'Cry' Sparks Wall Street Panic! 27-Year-Old, Mythos Instantly Defeated by 8 AIs

marsbit04/12 08:03

Android Flaw Leaves 30 Million Crypto Wallets Open To Attack: Microsoft Analysts

Microsoft analysts revealed a critical security flaw in the EngageLab SDK (v4.5.4), leaving over 30 million Android crypto wallets vulnerable to attack. The "intent redirection" vulnerability allowed a malicious app to bypass Android's sandbox and gain read/write access to a wallet's private data, including seed phrases and keys, without any user interaction. A patch (SDK 5.2.1) was released in mid-2025. Users who haven't updated their apps since then are advised to not only update but also move their funds to new wallets with fresh seed phrases, as any unpatched wallet is considered compromised. The flaw also affected over 50 million apps in total.

bitcoinist04/11 15:31

Android Flaw Leaves 30 Million Crypto Wallets Open To Attack: Microsoft Analysts

bitcoinist04/11 15:31

How Long Can the Ethereum Ecosystem Survive After the Launch of Mythos

Summary: In a conversation between Alan and Marcus, the emergence of "Mythos" — likely an advanced AI-powered security analysis tool — is framed as an existential threat to the Ethereum ecosystem. They highlight several critical vulnerabilities: the $68 billion in locked, immutable, and publicly auditable smart contracts; the centralization risk of Lido controlling 28% of staked ETH; the inability of traditional audits to keep pace with evolving, cross-contract vulnerabilities that Mythos can instantly identify; and the slow, decentralized governance response time that could cripple crisis reaction. The key conclusion is that Ethereum's survival depends on how quickly its community treats this threat with urgency, as Mythos can analyze and exploit vulnerabilities faster than humans can respond. The piece serves as a warning that a large-scale, AI-driven security breach is a matter of when, not if.

marsbit04/09 01:45

How Long Can the Ethereum Ecosystem Survive After the Launch of Mythos

marsbit04/09 01:45

Anthropic Has Developed the Most Powerful AI Model in History, But Dares Not Release It...

Anthropic has developed its most powerful AI model to date, named Mythos, which boasts over 10 trillion parameters—far surpassing current leading models—and a training cost of $10 billion. Mythos demonstrates exceptional capabilities in software coding, academic reasoning, and cybersecurity, significantly outperforming its predecessor, Claude Opus 4.6, in benchmark tests. In a matter of weeks, Mythos autonomously identified thousands of previously unknown zero-day vulnerabilities across major operating systems, browsers, and critical software. Notable discoveries include a 27-year-old flaw in OpenBSD and a 16-year-old vulnerability in FFmpeg, demonstrating its ability to find and exploit complex security weaknesses with minimal human intervention. Due to its unprecedented power and potential for misuse by malicious actors, Anthropic has refrained from publicly releasing Mythos. Instead, it launched the "Project Glasswing" initiative, partnering with leading tech and financial firms like Amazon, Apple, Google, Microsoft, and JPMorgan. Through this program, select organizations gain early access to Mythos Preview to identify and patch vulnerabilities in critical systems. Anthropic is providing $100 million in usage credits to participants and donating millions to open-source security foundations. While AI like Mythos could lower the barrier for cyber attacks, Anthropic emphasizes its potential to greatly enhance defensive capabilities, helping to build more resilient systems and maintain a balanced security landscape.

Odaily星球日报04/08 03:59

Anthropic Has Developed the Most Powerful AI Model in History, But Dares Not Release It...

Odaily星球日报04/08 03:59

Claude Mythos Officially Announced: Performance Crushes Opus 4.6, 'Imprisoned' for Being Too Dangerous

Anthropic has officially announced Claude Mythos, a highly advanced AI model that reportedly surpasses Opus 4.6 across multiple benchmarks, including a 24% improvement in bug-fixing capability and a 17% boost in agent-based computer operations. However, due to its dangerous ability to identify and exploit security vulnerabilities at a level exceeding most human hackers, the model has been deemed a significant risk to public and economic security. Instead of releasing it publicly, Anthropic has initiated "Project Glasswing," a collaborative security effort involving major tech companies like Amazon, Apple, Google, Microsoft, and NVIDIA, along with open-source organizations. These partners will use the preview version of Mythos to strengthen defenses and identify vulnerabilities in critical systems before the model is widely available. Anthropic is also providing up to $100 million in usage credits and donating $4 million to support open-source security initiatives. The move underscores the urgent need to address AI safety at a global scale, as rapidly advancing capabilities could soon outpace existing security measures.

marsbit04/08 00:26

Claude Mythos Officially Announced: Performance Crushes Opus 4.6, 'Imprisoned' for Being Too Dangerous

marsbit04/08 00:26

When AI Solves Security, Will DeFi Return to Its Golden Age?

The article discusses how AI is revolutionizing DeFi security, potentially ushering in a new era of innovation reminiscent of the 2020 DeFi Summer. Previously, high security costs and lengthy audit processes stifled experimentation, as developers avoided unproven ideas due to financial and time constraints. However, AI tools like Nemesis are now drastically reducing these barriers by efficiently detecting complex vulnerabilities, such as reentrancy and economic attacks, with deep contextual understanding and low false positives. These tools, combined with platforms like Battlechain, enable a streamlined workflow: code is written, AI-audited within minutes, deployed on a test chain for real-world attack simulations, and quickly refined. This process compresses development cycles from months to hours at minimal cost. Future advancements may include wallet-integrated AI audits, allowing users to scan contracts in real-time before signing transactions. AI is set to transform DeFi security across development, chain, and user layers, reopening the door to rapid experimentation and innovation. This shift could empower individual developers to create groundbreaking protocols quickly and safely, much like the early pioneers of DeFi.

marsbit04/03 10:14

When AI Solves Security, Will DeFi Return to Its Golden Age?

marsbit04/03 10:14

Turning 200,000 into Nearly 100 Million: DeFi Stablecoin Attacked Again

DeFi stablecoin protocol Resolv Labs was exploited, resulting in a hacker minting 80 million USR tokens using only 200,000 USDC. The attacker’s address (starting with 0x04A2) first created 50 million USR with 100,000 USDC, and later minted another 30 million with an additional 100,000 USDC. This caused USR to depeg, dropping to around $0.25 before partially recovering to approximately $0.80. The incident also impacted related lending markets on Morpho and Lista DAO, which paused new borrowing requests. Additionally, RLP token holders, including Stream Finance—which holds over 13 million RLP tokens—face significant exposure, with estimated losses around $17 million. Initial analysis by DeFi community YAM suggests the exploit occurred because the protocol’s SERVICE_ROLE, which provides minting parameters, was compromised. The system fully trusted this role’s input without on-chain verification or minting limits, allowing the attacker to manipulate the mint amount. The project’s emergency response was also slow, taking nearly three hours to pause the protocol due to multi-signature delays. This attack highlights critical vulnerabilities in off-chain role trust and emergency mechanisms within DeFi protocols.

marsbit03/22 09:47

Turning 200,000 into Nearly 100 Million: DeFi Stablecoin Attacked Again

marsbit03/22 09:47

活动图片

Project Updates

Bitcoin