Friday , March 7 2025
OWASP

OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025

infosecbulletin Tuesday , January 21 2025 Hot Topic

OWASP has released its updated list of the top 10 vulnerabilities in smart contracts for 2025. This guide highlights the most critical vulnerabilities and provides developers and security professionals with a roadmap to reduce risks in decentralized systems.

  OWASP 2023 – 2025

The OWASP Smart Contract Top 10 lists the most common vulnerabilities in the Web3 space, including:

Sleeping Beauty
Researchers Bypassed CrowdStrike Falcon Sensor partially

By infosecbulletin / Friday , March 7 2025
SEC Consult researchers found a major vulnerability in CrowdStrike's Falcon Sensor, enabling attackers to evade detection and run malicious applications....
Read More
Sleeping Beauty Researchers Bypassed CrowdStrike Falcon Sensor partially

CVE-2025-22224
41,500+ VMware ESXi Instances Vulnerable to Attacks

By infosecbulletin / Thursday , March 6 2025
As of March 4, 2025, Shadowserver found that over 41,500 internet-exposed VMware ESXi hypervisors are vulnerable to the actively exploited...
Read More
CVE-2025-22224 41,500+ VMware ESXi Instances Vulnerable to Attacks

Register Now
AI Engineering Hackathon: Registration Open

By infosecbulletin / Wednesday , March 5 2025
On April 19, 2025 (Saturday), Brain Station 23 and Poridhi are jointly going to organize "AI ENGINEERING HACKATHON". The prize...
Read More
Register Now AI Engineering Hackathon: Registration Open

Cisco alerts about a Webex flaw that exposes credentials

By infosecbulletin / Wednesday , March 5 2025
Cisco has alerted customers about a vulnerability in Webex for BroadWorks that could allow unauthorized attackers to access credentials remotely....
Read More
Cisco alerts about a Webex flaw that exposes credentials

NVIDIA Issues Warning of Multiple Vulnerabilities

By infosecbulletin / Wednesday , March 5 2025
NVIDIA has released urgent security advisories for multiple vulnerabilities in its Hopper HGX 8-GPU High-Performance Computing platforms. A critical flaw...
Read More
NVIDIA Issues Warning of Multiple Vulnerabilities

Update Now
Chrome 134 Released, Fixes 14 Vulnerabilities

By infosecbulletin / Wednesday , March 5 2025
Google has released Chrome 134 for the stable channel on Windows, macOS, and Linux, effectively addressing 14 security vulnerabilities. Among...
Read More
Update Now Chrome 134 Released, Fixes 14 Vulnerabilities

Broadcom Patches 3 VMware Zero-Days Exploited In Attacks

By infosecbulletin / Tuesday , March 4 2025
Broadcom issued a security alert on Tuesday, warning VMware customers about 3 exploited zero-day vulnerabilities. Vulnerabilities CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226...
Read More
Broadcom Patches 3 VMware Zero-Days Exploited In Attacks

Singapore issues new guidelines for data center and cloud services

By infosecbulletin / Tuesday , March 4 2025
The Infocomm Media Development Authority (IMDA of Singapore unveils advisory guidelines to reduce occurrences of disruptions to cloud services and...
Read More
Singapore issues new guidelines for data center and cloud services

Update Alert!
Google Warns of Critical Android Vulns Under Attack

By infosecbulletin / Tuesday , March 4 2025
Google’s March 2025 Android Security Bulletin has unveiled two critical vulnerabilities—CVE-2024-43093 and CVE-2024-50302—currently under limited, targeted exploitation. These flaws affect...
Read More
Update Alert! Google Warns of Critical Android Vulns Under Attack

CISA adds Cisco and Windows vulns as actively exploited

By infosecbulletin / Tuesday , March 4 2025
CISA has advised US federal agencies to secure their systems against attacks targeting vulnerabilities in Cisco and Windows. Although these...
Read More
CISA adds Cisco and Windows vulns as actively exploited

Access Control Vulnerabilities (SC01:2025): Access control flaws can let unauthorized users modify a contract’s data or functions, resulting in major security breaches. In 2024, these issues caused losses of $953.2 million, as reported by SolidityScan’s Web3HackHub.

Price Oracle Manipulation (SC02:2025): Attackers exploit weak data feeds to manipulate external data sources, destabilizing protocols and creating financial chaos.

Logic Errors (SC03:2025): Mistakes in business logic remain a costly issue, leading to improper token minting, flawed lending logic, or incorrect reward distributions.

Reentrancy Attacks (SC05:2025): These attacks exploit a contract’s weak functions to drain funds or disrupt logic, leading to $35.7 million in losses in 2024.

Flash Loan Attacks (SC07:2025): These attacks exploit uncollateralized loans, disrupting liquidity and token prices. Key vulnerabilities include Integer Overflow and Underflow, Insecure Randomness, and Denial of Service Attacks.

Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS

Check Also

FIR

Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru

Amazon Web Services (AWS) has been named in an FIR after a builder claimed damages …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin