The lady in red is back. Did you miss me, Leon? 😉 This month my Patr0n/tinyasa will be huge with 4 characters. It doesn’t happen often, hurry up and don’t miss it 🤩 红衣女郎回来了。莱昂，你想我了吗？😉 这个月我的Patr0n/Tinyasa将会有4个角色更新。这样的机会不多，赶快来，不要错过哦 赤いドレスの女性が帰ってきたわ。レオン、私を恋しかった？😉 今月の私のPatr0n/Tinyasaは4キャラクターが登場するよ。こんなことは滅多にないから、急いで見逃さないでね #AdaWong# #RE9# #RE4# #ResidentEvil#

Flare | 聚合你的所有社交信息流。 一款开源跨平台社交聚合客户端，能够将多个社交平台内容整合到同一个应用中。它支持 Mastodon、Misskey、Bluesky、X（Twitter）等平台，并提供“混合时间线”功能，无需频繁切换应用即可统一浏览所有动态。

正好拿今天及昨晚两个案例试了试并截图，一个是 Huma Protocol V1 被攻击： Huma Protocol on Polygon was drained for ~$101.39K. Root cause: refreshAccount(address) could move an unapproved credit line from Requested to GoodStanding. Primitive: approval-state bypass in credit lifecycle. _updateDueInfo() sets state = GoodStanding when no periods are missed, without preserving Requested. Profit: - 82,315.571143 native USDC - 19,074.730401 USDC.e Related wallet addresses: - Attacker EOA: 0x13b44e416e0f66359502e843af2e1191f1260daf - Attack borrower contract: 0x44d4a434ae1529106e4b801315e22721978022a3 - Helper: 0xef8a13797b009228f6e4a25112ea114b7ba6e1b2 Tx: - Attack: 0x7b8d641d76affcc029fd0e0f06ab81ad675b1da21ef79b82e1343016040ba359 - Setup requestCredit: 0x0adf9953c4e2506ffd4526ceee962a9bb61c573eaef60f669605cca68d0ef5aa - State refresh: 0x7126ae1d8e8d1e0c0f1c598de16a035cf309d6cc556e73edc2847de2b5777e5e 比较令我满意的是，Agent 自行找出了触发最终利用的一个前置条件 tx State refresh: 0x7126ae1d8e8d1e0c0f1c598de16a035cf309d6cc556e73edc2847de2b5777e5e 另一个是最近可能新起的钓鱼团伙，采用的是 permit 离线签名钓鱼技巧，这个分析其实很简单，如果 Agent 连这种单利用都识别失败，那只能说完全不及格了。 Mark 下，这些都是不错的实践。

草莓、藍莓、蔓越莓 你今天想我了莓？ Did you miss me today? 眼鏡姊姊系列照片都在照片浮水印 快加入賴找我解鎖🔓 Line： All photos from the ”Sister with Glasses“ series have a watermark. Join Lai Zhaowo to unlock it!

身材顏值都很頂的費歐娜公主 Fiona @fairyberriez 之前原本要在佛羅里達見面 但當時時間對不上 習慣當空中飛人的她 沒想到這趟亞洲行 順道來台灣兩天，終於把遺憾補齊 普天同慶 本人超好聊，笑容又甜美 心都融了~ Her Asia trip finally made up for our missed chance to meet in the US. Fiona is fun, talkative, and naturally sexy, the chemistry in person was even more exciting than I expected. 💕 @ToBulaer @ToBuerma @KawasawaSen @BulmaList #更多都在平台裡# #Chudai# #Doggy# #Interracial# #AmericanGirl#

周末阅读《币安人生》，翻到了 180-182页关于币安被盗 7000枚比特币(2019年5月8日)的经历，颇有共呜。 好巧不巧，在我加入 Trust Wallet 前一个月的圣诞节，插件钱包因为人为小过失，让骇客有机可乘。 @cz_binance 在情况还未被完全诊断清楚之前，率先发推转达Trust Wallet愿意赔偿。 调查后来发现：骇客通过恶意程序渗透了几名员工的电脑，在代码中植入了恶意指令。虽然管理助记词和私钥的核心安全组件并未被攻破，但插件钱包v2.68确实被植入了恶意代码，情况和2019年币安那次类似。在漏洞修复前的短短数小时内打开过插件钱包的用户受到了牵连。 时至今天，@TrustWallet 已加固安全揩施、每天活跃用户量不降反升，对受影响用户赔付进度也已完成95%。而对于已错过申请赔付最后限期的长尾用户，CZ 认为只要对方带著合理凭证，Trust Wallet 该继续受理，「做正确的事」。 Funds are SAFU，从不是一句口号，而是用行动写下的承诺。 Weekend reading Freedom of Money, I reached pages 180-182 about Binance’s May 8, 2019 hack where 7,000 BTC were stolen. It resonated with me. Coincidentally, one month before I joined Trust Wallet, the extension wallet was compromised during Christmas. CZ immediately tweeted that Trust Wallet would reimburse users, even before the issue was fully diagnosed. The investigation showed it was similar to 2019: hackers used malware to infect employee computers and injected malicious code into v2.68 (deprecated). The core seed phrase security was never breached — only users who opened the extension wallet in the few hours before the fix were affected. Today, Trust Wallet has strengthened security, daily active users are up, and 95% of affected users have been compensated. For the remaining vicitms who missed the deadline, CZ believes Trust Wallet should still accept claims with valid proof. Funds are SAFU — not just a slogan, but a promise backed by action.