nera

The Chief Information Security Officer of Slow Fog, 23pds, posted on the X platform that curl recently fixed 18 security vulnerabilities, involving issues such as authentication bypass, memory safety, and host verification, among which one libcurl vulnerability has existed for about 25 years. The risks are not limited to the curl command line but also widely affect applications, SDKs, containers, firmware, gateways, and CI/CD environments that rely on libcurl. It is recommended to upgrade curl/libcurl as soon as possible and check for the use of old versions of libcurl, especially paying attention to mTLS, proxy authentication, and connection reuse scenarios.

According to official news, OpenAI has officially launched the preview version of the next-generation GPT-5.6 series models, including the flagship model Sol, the balanced model Terra, and the fast low-cost model Luna. GPT-5.6 introduces a brand new maximum reasoning effort and features a super strong mode that accelerates complex tasks through sub-agents.The flagship model Sol introduces the Ultra mode, which combines maximum reasoning intensity with sub-agent collaboration. In the Terminal-Bench 2.1 command line workflow test, Sol achieved a score of 88.8%, which increased to 91.9% in Ultra mode, surpassing GPT-5.5's 83.4% and Claude Fable 5's 88.0%. The mid-range model Terra performs close to GPT-5.5 while being priced at half, and the lightest model Luna is designed specifically for everyday automation tasks. Sol is priced at $5 per million input tokens and $30 for output, and it supports reducing secondary call costs by utilizing prompt caching.In terms of security, the security assessment confirmed that Sol did not exceed the critical thresholds of the Preparedness Framework cybersecurity. OpenAI has invested over 700,000 A100 equivalent GPU hours in automated red team exercises, equipping the entire series of models with a defense stack that includes rejection mechanisms, real-time abuse classifiers, and account-level audits. Although the current limited release follows the U.S. government's security framework, OpenAI emphasizes that it does not want a government-led access mechanism to become the long-term default model, as it would limit defenders' access to cutting-edge tools.

Web3 security company GoPlus Security pointed out that there has been a recent surge in smart contract vulnerability attacks, particularly targeting older contracts that have been deployed for many years. Attackers are leveraging AI technology to quickly discover and exploit these vulnerabilities.Recent typical incidents include:On June 9, a Token of Power (TOP) contract deployed 7 years ago was attacked on Ethereum, resulting in a loss of approximately $1.5 million;On May 25, a WUSD.fi contract deployed 3 years ago was attacked, resulting in a loss of approximately $200,000;On June 14 and June 18, Aztec Network was attacked twice in a row due to an old contract deployed 2 years ago, with total losses exceeding $4 million.GoPlus Security believes that traditional auditing methods are insufficient to effectively cover legacy contracts, and adopting AI-based Always-on Audit services may be the most effective solution currently available, capable of conducting security checks on old contracts in a short period while balancing reliability and cost.

According to Jinshi reports, some U.S. chip stocks fell in after-hours trading, with Micron Technology down nearly 4%, Western Digital and Marvell Technology both down 2%, and Qualcomm down 1%.

The Chief Information Security Officer of Slow Fog, 23pds, stated that researchers have exposed a high-risk vulnerability in CI/CD called Cordyceps, affecting the open-source repositories of major companies such as Microsoft, Google, Apache, and Cloudflare. Attackers do not need corporate accounts or any system permissions; they can simply register a free GitHub account, submit a malicious PR, and leave a comment to forge approvals, steal server keys, and push malicious code, completely taking control of the corporate code repository.

The Sentient Foundation announced an investment of $42 million through its "Open Source AGI Grant Program" to support developers and research institutions building and applying Artificial General Intelligence (AGI) in an open-source environment.It is reported that the program aims to promote open access and ecological development of key AI technologies, ensuring that AGI remains open, decentralized, and aligned with the long-term interests of humanity. The co-launch ecological partners of this program include Alibaba Cloud, Franklin Templeton, Princeton University, and the Indian Institute of Science and Technology.

On-chain data shows that as of now, the HIP-3 market has generated a total revenue of 44 million USD. Among them, 22 million USD has been allocated to HIP-3 developers, and the remaining 22 million USD is used for repurchasing HYPE tokens. HIP-3 is the market creation and incentive mechanism within the Hyperliquid ecosystem, allowing developers to create and operate trading markets and earn protocol revenue sharing based on market performance. The disclosed data indicates that HIP-3 has become an important source of revenue for the Hyperliquid ecosystem while continuously providing financial support for the repurchase of HYPE tokens.

According to the Associated Press, Anthropic's Mythos model has discovered vulnerabilities in the U.S. government's classified systems.

According to reports from Blue Whale Technology, the next-generation Doubao AI phone, jointly promoted by ZTE and ByteDance, may be delayed from its originally expected release in the second quarter due to issues with the filing and certification process. Sources reveal that the phone needs to pass both the large model filing with the Cyberspace Administration and the network access certification with the Ministry of Industry and Information Technology; currently, the product is still in the second application filing stage. If the approval goes smoothly, the new device is expected to be launched as early as July to August this year.In terms of the supply chain, the screen supplier for the next-generation Doubao phone has been changed from Shentianma to BOE, the battery will use Desay battery and ATL cells, and the manufacturing will be handled by Zhongnuo Communications, a subsidiary of Furui Electronics. Additionally, reports indicate that this product mainly adopts a technical route that deeply integrates large models into the underlying operating system, but it currently faces ecological barriers due to the lack of data access permissions from leading platforms like Tencent and Alibaba when implementing system-level agent cross-application calls.

According to Gate market data, major stock index futures in Europe and the United States have declined, with the Nasdaq 100 index futures falling over 1% and the S&P 500 index futures dropping 0.5%. The Euro Stoxx 50 futures and the German DAX index futures fell 0.7%, while the UK FTSE index futures dropped 0.8%.

According to SoSoValue data, the overall trend of the cryptocurrency market is declining, with the NFT sector down 3.79% in the last 24 hours. Within the sector, Pudgy Penguins (PENGU) decreased by 2.96%, and Audiera (BEAT) fell by 6.29%. Meanwhile, Bitcoin (BTC) dropped by 1.06%, falling below $64,000; Ethereum (ETH) decreased by 1.34%, fluctuating around $1,700.Only the SocialFi sector remained relatively strong, being the only sector to rise today, up 1.23% in the last 24 hours, with Gram (GRAM), renamed from Toncoin (TON), increasing by 2.13%.In other sectors, the DeFi sector fell by 0.47% in the last 24 hours, but DeXe (DEXE) surged by 59.33%; the CeFi sector declined by 0.94%, where OKB (OKB) rose by 2.98% due to various factors including the establishment of a joint venture with Intercontinental Exchange (ICE), briefly surpassing $83 during trading; the Layer1 sector decreased by 1.51%, with TRON (TRX) rising by 1.77% during trading; the Layer2 sector fell by 1.51%, while Celestia (TIA) increased by 5.40% against the trend; the Meme sector dropped by 1.55%, but BUILDon (B) rose by 6.27%; the PayFi sector decreased by 2.04%, while Telcoin (TEL) increased by 8.06%.The cryptocurrency sector index reflecting the historical market performance shows that the ssiAI, ssiDePIN, and ssiRWA indices fell by 7.86%, 5.26%, and 2.97%, respectively.

According to Andrew Curran, the next-generation Mythos model from Anthropic, which has stronger capabilities (named either Mythos 5.1 or Mythos 6), has completed training. It is currently uncertain whether this model will be publicly released or kept for internal use only to accelerate the development of subsequent technologies.Analysis indicates that although some cutting-edge models like Fable 5 or Mythos 5 face restrictions or scrutiny regarding public release, this has not slowed down the research and development pace of top AI laboratories. In the face of fierce competition from open-source models represented by GLM-5.2, leading AI companies still need to continuously invest in and train more powerful systems to maintain their commercial and technological leadership.

The blockchain research organization Common Prefix disclosed that on June 10, hackers exploited a vulnerability in the Secret Network and Axelar cross-chain bridge contract to forge deposits and mint uncollateralized tokens, subsequently cashing out approximately $4.67 million.The attack went undetected for seven days until a normal cross-chain transfer failed due to insufficient funds in the escrow account on June 17, revealing the anomaly. The root of the vulnerability lies in the fact that when the contract changed from an escrow model to a minting model, it deleted two key functions responsible for verifying the source of transfers, and it had never undergone an external audit since its deployment in early 2023. Secret Network pointed out that the Axelar bridging infrastructure failed to trigger any effective anomaly monitoring or emergency pause mechanism before the assets were stolen on a large scale.The stolen funds were routed through Osmosis to Ethereum and exchanged for ETH on CoW Protocol, then dispersed into exchanges such as KuCoin, ChangeNow, and HitBTC. Currently, approximately $672,000 remains in the attackers' Axelar wallet. Secret Network has requested Axelar to freeze that address, but the request was denied. Axelar emphasized that its core protocol was never affected, and the exploited contract was not developed or maintained by Axelar. Currently, Axelar has disabled the related cross-chain connections and stated that it is coordinating follow-up actions with exchanges and law enforcement agencies.

The cross-chain protocol Axelar Network released a statement regarding the recent security incident related to Secret Network, stating that there is a misunderstanding within the community about the event. Both Axelar and the Inter-Blockchain Communication Protocol (IBC) were not attacked or compromised. The affected token smart contracts were neither developed, deployed, nor maintained by Axelar, and Axelar's firewall mechanism also prevented the impact from spreading to other chains.It is reported that the exploited contract is a forked version based on CW20-ICS20, but the developers removed two core security checks, resulting in an "infinite minting" vulnerability. By deleting the verification mechanisms originally used to prevent such issues, this fork altered the original trust model of the contract and did not undergo a new security audit.Axelar Network explained that anyone can deploy contracts for cross-chain asset wrapping through IBC, and similar contracts have also been used to wrap tokens from other chains into Secret Network. However, the Secret side fork version in this incident has vulnerabilities due to the removal of key security checks. This incident is not a unique logical flaw, nor is it an issue with the IBC protocol itself, but rather a security risk introduced by modifications to third-party contracts.

In response to rumors regarding the attack on the BNB Chain OLPC/LABUBU liquidity pool, PancakeSwap's official announcement stated that the platform has noted the news related to this security incident. After preliminary verification, PancakeSwap's own smart contracts do not have security vulnerabilities. The project team is still continuously investigating the complete causes of the incident and will promptly share the latest investigation progress once more clues are obtained. Meanwhile, the official reminds users that all relevant event information should be based on content released through PancakeSwap's official channels.

According to CoinPost, SBI Holdings completed a strategic investment in the global stablecoin payment and cryptocurrency trading platform Fasset in May 2026, and announced that its international remittance subsidiary SBI Remit signed a Memorandum of Understanding (MoU) with Fasset. Both parties will jointly build a next-generation international remittance infrastructure based on stablecoin technology.Fasset is a digital bank focused on the Asian, Middle Eastern, and African markets, providing stablecoin settlement, remittance, and investment services through its own payment network "Own Network." It currently covers 125 countries and regions and has over 2 million users. The company completed a $51 million Series B financing in the same month, with investors including SBI Group, Bahrain asset management company Investcorp, and Turkey's Arz Portföy, among others.