Layer-1 Protocol Saga Temporarily Shuts SagaEVM Chain After $7M Exploit

22 January 2026 at 00:33

Layer-1 network Saga paused its SagaEVM chain after an exploit that moved nearly $7m in tokens to Ethereum, as the team works through an ongoing investigation.

Saga said it stopped the chain at block height 6593800 after identifying a security incident on Jan. 21, and it has kept the network paused “out of an abundance of caution” while it validates the full impact, patches the weakness and reinforces the system.

“We recognize that a pause is disruptive. We made this decision because the safety of our community comes first,” the team said Wednesday in its blog. “Once remediation is complete, we will publish a more comprehensive technical post-mortem.”

SagaEVM remains paused while we finalize the results of our investigation into the Jan 21 exploit.

We’re working with partners on remediation and will publish a post-mortem once findings are fully validated. $7M of USDC was bridged out and converted to ETH.

Extracted funds were…

— Saga ⛋ (@Sagaxyz__) January 22, 2026

Saga Identifies Wallet Linked To $7M Exploit

In its investigation update, Saga said nearly $7M in USDC, yUSD, ETH, and tBTC were transferred to the Ethereum Mainnet, and it identified the wallet it was extracted to.

The team said it is coordinating with exchanges and bridge operators to blacklist the attacker’s address and support recovery efforts, while it continues forensic analysis using archive data and execution traces.

Saga described the attack as a coordinated sequence involving contract deployments and cross-chain activity that ended in rapid liquidity withdrawals.

Chainalysis Estimates $3.4B In Crypto Theft In 2025

Reports on the incident also said the attacker bridged assets to Ethereum and converted proceeds into ETH via swaps.

Saga said the incident affected the SagaEVM chainlet along with Colt and Mustang, but it did not affect the Saga SSC mainnet, the protocol’s consensus, validator security, or other Saga chainlets. It also said it found no evidence of validator compromise, signer key leakage, or consensus failure.

The breach lands as crypto security remains under pressure. Chainalysis estimated the industry saw over $3.4B in theft in 2025, and pointed to large, concentrated hacks as a key driver of losses.

The post Layer-1 Protocol Saga Temporarily Shuts SagaEVM Chain After $7M Exploit appeared first on Cryptonews.

JFrog Researchers Uncover RCE Exploit for Existing Redis Database Vulnerability

17 January 2026 at 10:25

JFrog this week published an analysis of a vulnerability in Redis databases that may be more serious than initially thought following the discovery of a remote code execution (RCE) exploit. Researchers found that a stack buffer overflow vulnerability in Redis (CVE-2025-62507) can be used to run the XACKDEL command with multiple IDs to trigger a..

The post JFrog Researchers Uncover RCE Exploit for Existing Redis Database Vulnerability appeared first on Security Boulevard.

DogCat – Exploiting LFI and Docker Privilege Escalation -TryHackMe Walkthrough

By: Jo
21 September 2024 at 11:45
In this walkthrough, we’ll explore the Dogcat room on TryHackMe, a box that features a Local File Inclusion (LFI) vulnerability and Docker privilege escalation. LFI allows us to read sensitive files from the system and eventually gain access to the server. There are a total of 4 flags in this machine which we need to find. […]

Prime: 1 – Walkthrough for OSCP Series

By: Jo
11 June 2023 at 12:05
Prime: 1 is a challenging boot2root machine created by Suraj Pandey. It is designed for those who are preparing for the OSCP exam and is a great way to practice your penetration testing skills. In this blog post, I will walk you through the steps I took to root the machine, including: Performing a port […]

digital world.local: Vengeance Walkthrough – OSCP Way

By: Jo
8 October 2022 at 13:13
Vengeance is one of the digital world.local series, which makes vulnerable boxes closer to OSCP labs. This box has a lot of services and there could be multiple ways to exploit it. Below is what I have tried. Lab requirement: 1. Kali VM 2. Download Vengeance: https://www.vulnhub.com/entry/digitalworldlocal-vengeance,704 3. Some patience. I have written article already […]

The Binary Exploitation: Stack based Buffer overflow

By: Jo
19 March 2022 at 11:38
This article talks about cracking the Level 13 binary of the Cyberstart CTF. The hint that was given for this challenge is “Cyclic Pattern”, which means we need to use a pattern finder tool to figure out the length of the buffer and then run the arbitrary function. Let’s crack this: Running the binary gives us this output: […]

Log4Shell Quick Lab Setup for Testing

By: Jo
10 January 2022 at 08:00
Last month, on December 09 2021, the release of a Remote Code Execution POC on Twitter involving exploitation of Apache’s log4j2 logging class took everyone’s peace away. The attack was pretty simple, and the fact that it can be easily exploited by anyone is what made this more terrifying. The first edition of this attack […]

Hackers exploit Sunlogin to execute the Sliver C2 framework

By: Ali Raza
4 February 2023 at 16:06

Hut 8 Mining Corp, a cryptocurrency mining company based in Canada, has announced a merger with US Bitcoin Corp. The two companies’ boards have also agreed to name the new company “Hut 8 Corp” or “New Hut.” Hut 8 announces merger with US Bitcoin The details of this merger agreement said that New Hut would …

The post Hackers exploit Sunlogin to execute the Sliver C2 framework appeared first on KoDDoS Blog.

US government warns of DDoS campaigns targeting the US healthcare sector

By: Ali Raza
31 January 2023 at 05:03

The United States government and other key authorities have issued an alert over the increased number of distributed denial-of-service (DDoS) attacks conducted by Russian threat actor groups. These attacks targeted the healthcare sector and are attributed to the KillNet hacking group. Russian hackers launch DDoS campaigns targeting hospitals The KillNet hacking group is attributed to …

The post US government warns of DDoS campaigns targeting the US healthcare sector appeared first on KoDDoS Blog.

CVE-2019-19781: Citrix ADC RCE vulnerability

4 February 2020 at 05:46

A week before the 2019 holidays, Citrix announced that an authentication bypass vulnerability was discovered in multiple Citrix products. The affected products are the Citrix Application Delivery Controller (formerly known as NetScaler AD), Citrix Gateway NetScaler ADC (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP appliance. Exploiting the vulnerability could allow an unauthenticated attacker [...]

The post CVE-2019-19781: Citrix ADC RCE vulnerability appeared first on Hacking Tutorials.

Preparing for the Next Log4j in the Face of the Cyber Talent Gap

9 September 2022 at 12:40

When the Log4j vulnerability emerged in December 2021, Synack and our clients’ security teams immediately sensed its urgency. The Synack Red Team began testing within hours of the initial discovery for our customer base.

Almost a year later, Log4j continues to show up in our pentesting results. Here are some quick stats from our findings:

  • 750+ instances of the Log4j (CVE-2021-44228) missions run by SRT researchers since 2021 as part of our zero day response coverage
  • 100+ susceptible instances found so far as part of Synack Penetration Testing
  • Over 2 million IPs checked to date

Log4j Is “Endemic,” Says Federal Cyber Board

The Cyber Safety Review Board (CSRB) called Log4j (CVE-2021-44228) an “endemic” vulnerability in the board’s first published report. The group of public and private sector cybersecurity leaders stated that the vulnerability is expected to continue to be a prominent threat for “a decade or longer.”

The CSRB’s consideration of Log4j as a persistent threat points to the critical nature of such zero days. They are not something to be solved in the week they appear, with security teams “working through the weekend” and then moving on. They highlight the larger need for readily available talent and emergency response processes across a longer span of time.

Luckily, there have been no successful Log4j-based attacks to critical infrastructure, according to the CSRB. However, the board urges organizations to continue to mitigate risk related to Log4j and prepare for future zero day vulnerabilities of similar criticality.

Log4j and the Cyber Talent Gap – Surge Capacity

Nearly two in three organizations say they are understaffed in cybersecurity. But even for those that report having enough cyber talent on hand, the surge demand needed to respond to a vulnerability like Log4j can still be taxing. The CSRB report states:

“Perhaps most significantly, the force exerted on the urgent response and the challenges in managing risk also contributed to professional “burnout” among defenders that may, compounded with the generally intense pace of many cybersecurity jobs, have a long-term impact on the availability of cybersecurity talent.”

Chris Hallenbeck writes for VentureBeat about lessons learned in the face of Log4j, including the fact that the “skills shortage is an existential threat.” If organizations are to effectively prepare for future CVEs and zero days, they must consider their hiring strategies in the face of the cyber talent shortage, while also considering how to deal with potential burnout and stress from surge demand in the face of emergency.

Preparing for Zero Day Response with Human Talent

The CSRB issued recommendations to mitigate zero day risks, including the documentation of a vulnerability management and response program, and consideration of “cultural shifts” that are “necessary to solve for the nation’s digital security.”

Synack believes that the most effective way to test for a zero day vulnerability is with human expertise. Scanners are not able to detect zero day vulnerabilities until they are updated with a signature for the vulnerability.

In the face of the cybersecurity talent gap, testing with humans to meet the surge demand of a zero day can be challenging. That’s why on-demand access to a community of researchers is paramount. Synack provides access to such a community, the Synack Red Team, through a SaaS platform, for on-demand zero day response. This talent augmentation can be a key cultural shift for companies struggling to hire or retain cyber talent, and can help prevent an in-house team from experiencing the severe burnout alluded to above.

Within the Synack Platform is a catalog of CVEs that can be tested on-demand by skilled SRT researchers. When Log4j first emerged, it was added to the catalog within hours, and top researchers began testing and collaborating on methodologies.

After only a few days, Synack had checked over half a million IP addresses, confirming the status of thousands of CVE-2021-44228 checks and providing detailed reports containing proof of work and methodologies.

Contact us today for a conversation about how we can help you mitigate Log4j risk or prepare for future zero days.

The post Preparing for the Next Log4j in the Face of the Cyber Talent Gap appeared first on Synack.
