ios

The slow fog余弦 social media stated that the high-risk iOS attack framework DarkSword has been publicly leaked on channels such as GitHub and is being used for large-scale espionage attacks targeting cryptocurrency wallet holders.This attack program targets devices running iOS versions 18.4 to 18.7, utilizing vulnerabilities in the Safari browser through malicious web pages to achieve remote code execution, thereby stealing users' sensitive data. Attackers launch attacks using bait web pages that impersonate pornographic live streams, Tron energy stations, refund processes, and more.iPhone users running older versions of iOS, once they access such web pages using the Safari browser (even if they do not close the page), may have sensitive information such as plaintext private keys and mnemonic phrases stolen by malicious JavaScript code when unlocking the wallet app, which is then transmitted in real-time through channels like Telegram bots.

According to the official announcement, Gate Live has officially launched the "Private Mode Live Room" feature, providing a higher level of access control and content security for live streaming scenarios. This feature is now available on the web and is also supported in App version v8.18.0, currently open to all streamers. Streamers can flexibly set keys according to their needs, ensuring that only specific user groups (such as core fans, VIP users, or paying users) can watch live broadcasts, previews, and replay content after entering the key.This feature also brings more flexible marketing scenarios, allowing streamers to conduct various operational attempts such as lotteries, internal sharing sessions, or exclusive events through targeted key distribution, achieving more precise reach and higher conversion efficiency. For users, entering the live room with a key allows them to access higher quality and more targeted content.The Private Mode Live Room not only effectively prevents content from being accessed by non-target users but also makes live interaction more focused, helping to improve overall communication quality and participation experience. This mode can also enhance fans' sense of identity and participation, contributing to increased loyalty and stickiness. The launch of the Private Mode Live Room is an important step for Gate in continuously optimizing the content ecosystem and user experience. In the future, Gate will continue to expand more functional capabilities around live streaming scenarios, helping creators and users establish higher quality and more valuable connections.

Aave officially stated that there may be two types of bad debts arising from the rsETH theft incident, depending on the different handling of rsETH. If the stolen losses are deducted from all circulating rsETH, it is expected to generate $123.7 million in bad debts, which is concentrated in the Ethereum mainnet in absolute terms, and is most severe in proportion on Mantle.If the value of the mainnet rsETH is guaranteed, and all losses are accounted for in the mapped version of rsETH on Layer 2, it is expected to generate $230.1 million in bad debts, all of which will be on Layer 2. Mantle will face a 71.45% WETH shortfall, and Arbitrum will face a 26.67% shortfall; the Ethereum mainnet will not be affected. Aave added that which situation ultimately occurs depends on decisions that Aave cannot control, mainly the accounting method for rsETH and the exchange rate update method of the LRT Oracle.

According to market news, Circle has launched a new solution for high-frequency USDC payments across blockchains. Developers can use the Cross-Chain Transfer Protocol (CCTP) to have local fulfillers make advance payments on the recipient's designated chain, with the platform later completing cross-chain settlement.This model can reduce the operational burden caused by individual cross-chain transfers and is suitable for platforms that handle a large number of payments daily. Compared to the traditional CCTP process of destroying and minting USDC one by one, the new solution supports batch settlement, reduces the number of destructions on the source chain, and eliminates the need for signature infrastructure on the target chain. Circle also demonstrated the process based on the Arc Testnet and Ethereum Sepolia.

According to official news, Gate US has officially launched the Gift Card feature, allowing users to create and send cryptocurrency gift cards directly within the app. This feature supports sending to users who have completed KYC verification via phone number, email, or UID.The recipient can instantly receive the gift card, and the funds will be credited directly. This feature also supports flexible currency combinations, allowing users to pay with one cryptocurrency and gift another asset. All transactions are processed through a KYC-based account system, aimed at promoting security, traceability, and compliance with applicable regulatory requirements.This feature further connects cryptocurrency assets with everyday social scenarios, expanding the practical application value of digital assets beyond transactions. Currently, Gate US holds a total of 35 licenses, with compliant operations covering 46 jurisdictions in the United States. Based on this, Gate US continues to expand the real-world application scenarios of cryptocurrency assets on its platform.

The Cybersecurity Threat and Vulnerability Information Sharing Platform (NVDB) of the Ministry of Industry and Information Technology of China has monitored and found that attackers are using exploit tools targeting Apple Inc.'s terminal products to carry out cyber attack activities, which can lead to serious harms such as information theft and system control. The affected range includes Apple terminal products such as iPhone and iPad running iOS 13 to 17.2.1.Attackers induce users to use the Safari browser to visit web pages containing malicious code through methods such as SMS, email, or web poisoning, comprehensively utilizing security vulnerabilities present in the terminal devices to implant remote control Trojans into the victim's terminal products, stealing sensitive user information, gaining maximum privileges, and taking control.It is recommended that users of Apple terminal products conduct risk assessments, and promptly fix vulnerabilities through version upgrades and patch installations (refer to the Apple Security Updates). Pay attention to system update notifications and the latest security update announcements released by Apple, upgrade to the latest secure version in a timely manner, strengthen security awareness, avoid clicking on unknown links, and prevent the risk of cyber attacks.

The attacker stole the npm access token of the chief maintainer of Axios, the most popular HTTP client library for JavaScript, and used that token to publish two malicious versions containing cross-platform remote access trojans (RATs) (axios@1.14.1 and axios@0.3.4), targeting macOS, Windows, and Linux systems. The malicious packages were removed from the npm registry about 3 hours after being published.According to data from security company Wiz, Axios is downloaded over 100 million times weekly and exists in about 80% of cloud and code environments. Security company Huntress detected the first infections just 89 seconds after the malicious packages went live and confirmed that at least 135 systems were compromised during the exposure window. Notably, the Axios project had previously deployed modern security measures such as OIDC trusted publishing mechanisms and SLSA provenance proofs, but the attacker completely bypassed these defenses. Investigations revealed that while configuring OIDC, the project retained the traditional long-lived NPM_TOKEN, and npm defaults to using the traditional token when both coexist, allowing the attacker to publish without breaching OIDC.

Slow Fog has once again issued a security reminder stating to pay attention to checking for malicious versions of axios and the exposure risk of OpenClaw npm global installation history. axios@1.14.1 and axios@0.3.4 have been confirmed as malicious versions, both of which have injected the dependency plain-crypto-js@4.2.1, delivering cross-platform malicious payloads through the postinstall script.The impact of OpenClaw is assessed based on scenarios: source code builds are not affected, as the locked versions in the lock file are 1.13.5/1.13.6; however, users who installed via npm install -g openclaw@2026.3.28 face historical exposure risks due to the presence of optionalDependencies.axios@^1.7.4 in the dependency chain, which may resolve to axios@1.14.1 during the time window when the malicious version is still online. Currently, npm has reverted the resolution to axios@1.14.0, but environments that were installed during the attack window are still advised to be checked. Slow Fog has provided inspection commands and IoC paths for various platforms; if the plain-crypto-js directory is found, even if the package.json has been cleaned, it should still be regarded as high-risk execution traces. It is recommended that affected hosts immediately rotate credentials and conduct host-side inspections. Previously, Slow Fog founder Yu Xian reminded that OpenClaw version 3.28 may introduce a toxic version of axios, and users need to urgently check.

Slow Fog founder Yu Xian issued a security reminder stating: We are fairly certain that if the user's OpenClaw is the latest version 3.28, it may introduce a poisoned axios, please be cautious in your checks.In addition, related Skills may also rely on axios, leading to indirect poisoning. Due to the widespread use of axios, a comprehensive check can be conducted under certain conditions.

According to market news, Socket has detected that version 1.14.1 of the npm core package axios is experiencing an active supply chain attack. The attacker injected a malicious dependency package to implant malicious code into axios. Developers using axios are advised to immediately pin the version and review the project's lock files.

Artelo Biosciences, a company listed on NASDAQ, announced the private sale of a total of 3,188,407 shares of common stock at a price of $3.45 per share, raising a total of $11 million. Additionally, the company disclosed that it will sell up to 6,376,814 warrants for common stock at a price of $3.20 per share. If the warrants are fully exercised in cash, the total funds raised will be approximately $20.4 million, with the transaction expected to be completed around March 30.According to market news, the latest data from the Strategic Solana Reserve shows that Artelo currently holds 45,883 SOL.

Tether announced that its gold token Tether Gold (XAU₮) has launched on the BNB Chain, bringing this leading tokenized gold asset into a broader crypto ecosystem.XAU₮ corresponds to 1 ounce of physical gold (London Good Delivery standard), stored in Swiss vaults, and backed by a 1:1 reserve through independent audits. Data shows that gold prices are expected to rise by about 64% in 2025, marking the largest annual increase in 40 years, driving up market demand for safe-haven assets. During the same period, the market size of gold-backed stablecoins grew from about $1.3 billion to over $4 billion, with XAU₮ accounting for about 60% of the share.This deployment allows users to gain direct exposure to physical gold within the BNB Chain ecosystem without the need for traditional custody, premiums, and settlement processes. At the same time, Tether achieves liquidity interoperability for XAU₮ across more than 12 blockchains through the USDt0 cross-chain network, enhancing the efficiency of issuance, transfer, and settlement.Tether CEO Paolo Ardoino stated that this move aims to integrate gold assets into the modern digital financial system, enabling instant settlement and global circulation capabilities. The BNB Chain side noted that this integration will further strengthen its ecological layout in the realm of real-world assets (RWA).

The Secretary for Financial Services and the Treasury of Hong Kong, Xu Zhengyu, introduced the development of stablecoins and digital renminbi in Hong Kong, stating:The People's Bank of China and the Hong Kong Monetary Authority are working closely together to optimize the arrangements for digital renminbi. Currently, the number of mainland operating institutions responsible for operating digital wallets has increased from four to five, while the number of local Hong Kong banks participating in the "Faster Payment System" for digital wallets has increased from 17 to 18. The number and usage of digital wallets opened with Hong Kong mobile numbers have shown stable growth.According to the People's Bank of China, as of the end of January 2026, approximately 80,000 digital wallets have been registered. The Hong Kong Monetary Authority and local banks have been actively promoting the application of digital renminbi in Hong Kong. Currently, the number of local merchant retail points accepting digital renminbi has increased from about 300 to approximately 5,200, covering chain retail stores, hotels, travel agencies, restaurants, convenience stores, and supermarkets.The People's Bank of China and the Hong Kong Monetary Authority are exploring the arrangements and feasibility for upgrading digital wallets to increase their usage limits, expand application scenarios, and enhance user experience. As the policies and technical details involved still require in-depth discussion, specific plans and timelines are yet to be finalized.Stablecoins and central bank digital currencies (such as digital renminbi), as well as other new payment tools, including tokenized deposits and cross-border connections for rapid payment systems, have the potential to be applied in transaction settlements, local or cross-border payments, and other scenarios, provided they comply with relevant legal and regulatory requirements.These payment tools each have their own characteristics and varying degrees of maturity, and their future development prospects are largely determined by market forces. The government and financial regulatory agencies will continue to explore the potential and application scenarios of various new payment tools, better leveraging their synergies to address more pain points in the real economy.

The Chief Information Security Officer of Slow Fog Technology, 23pds, posted on platform X reminding all users to update their iOS systems in a timely manner. The DarkSword attack program has been leaked, and its core capability is: to extract forensic-level data from iOS devices via HTTP interfaces.In actual attacks, attackers can use social engineering or watering hole attacks to lure users into falling victim, thereby stealing data from iPhones/iPads and uploading it to servers controlled by the attackers.

According to Jinshi reports, Bank of Japan Governor Kazuo Ueda stated that due to the intensification of risk scenarios, the central bank decided not to raise interest rates at Thursday's meeting.

According to CoinDesk, former Snapchat strategic chief Imran Khan stated that cryptocurrency plays a minimal role in its AI strategy, and the driving forces behind cryptocurrency and AI are fundamentally different investment philosophies.His company, Proem Asset Management, focuses its AI investments on productivity and economic growth while limiting direct token investments and viewing cryptocurrency-related investments as part of a broader technological agenda.Nevertheless, according to its latest 13F filing, Proem holds shares in Coinbase (COIN), Robinhood (HOOD), and Bitcoin miner Iren (IREN), and it holds spot Bitcoin through the iShares Bitcoin Trust (IBIT).

Aurelion (NASDAQ: AURE) announced the arrival of the company's first AI virtual employee, Duncan.Aure, and opened access to its AI Agent Skills. This AI Agent has established a dedicated website and is live on social platforms such as X and Telegram, supporting automated trading and strategy execution for XAU₮ through preset Skills modules.Aurelion stated that Duncan is an important exploration for the company in the direction of digital gold infrastructure. In the future, the company will continue to strengthen the strategic positioning of XAU₮ assets while expanding the execution capabilities of the AI Agent in digital gold trading and asset management scenarios, and exploring innovative scenarios such as XAU₮ Shop, allowing digital gold to have more practical applications.