stems

The open-source data visualization tool Grafana has released the latest progress on the investigation of the security incident on May 16. The investigation found that this incident was limited to the GitHub environment of Grafana Labs, including both public and private source code as well as internal GitHub repositories, and did not affect customer production systems, operations, or the Grafana Cloud platform. The downloaded content, in addition to the source code, also included some repositories used by the team for collaboration and storage of internal operational information and business details, involving business contact names and email addresses, rather than data from production systems or the cloud platform.Grafana Labs has made it clear that the codebase was downloaded but not tampered with, and currently, customers and open-source users do not need to take any action. The incident originated from a TanStack npm supply chain attack conducted through the Mini Shai-Hulud campaign. Grafana Labs detected malicious activity on May 11 and initiated an emergency response, but a credential was overlooked, allowing the attacker to gain access. After receiving a ransom demand on May 16, the company decided not to pay the ransom and has rotated automated credentials, implemented enhanced monitoring, audited all commits since May 11, and significantly strengthened GitHub security configurations. The company has notified federal law enforcement, and the investigation is ongoing.

B.AI announced full access to China's mainstream payment systems, with WeChat Pay, Alipay, and UnionPay now open to users. Starting today, users can complete the entire process of account recharge, subscribing to AI services, and accessing top AI models and Agent services in a familiar payment environment. This payment upgrade lowers the usage threshold, allowing individual developers and enterprise clients to more conveniently experience cutting-edge AI capabilities, making the entire usage process smoother, more natural, and localized. B.AI will continue to optimize the product experience in the future, committed to integrating smarter and more efficient artificial intelligence services into everyone's daily work and life.

According to Cointelegraph, the Central Bank of Brazil (Banco Central do Brasil, BCB) issued Resolution No. 561, prohibiting the use of virtual assets for settlement within the regulated international payment and transfer services (eFX) framework, further tightening the regulation of crypto assets in the cross-border payment sector.Under the new regulations, payments and receipts between eFX service providers and their overseas counterparts must be completed solely through foreign exchange transactions or transfers of funds from non-resident Brazilian real accounts, and the use of crypto assets or stablecoins for settlement is not allowed. This restriction also applies to eFX service providers that have not yet been formally included in the approved category but are in a transitional period; these institutions must apply for authorization from the Central Bank of Brazil by May 31, 2027, if they wish to continue operating.This regulation does not constitute a comprehensive ban on crypto asset transfers in Brazil, but rather explicitly excludes crypto assets and stablecoins from the regulated eFX cross-border payment channels, reinforcing that cross-border capital flows must be regulated through the official foreign exchange system.

According to The Wall Street Journal, Parallel Web Systems, an AI infrastructure company founded by former Twitter CEO Parag Agrawal, has completed a $100 million Series B financing round, with a post-money valuation of $2 billion.This round was led by Sequoia Capital, with participation from existing investors such as Kleiner Perkins, Index Ventures, and Khosla Ventures. Parallel provides efficient web search and access control infrastructure for "long-cycle" AI agents, having raised a total of $230 million, with around 50 employees, serving over 100,000 developers and enterprise clients. The current focus is on expanding the sales, marketing, and R&D teams, continuously laying out the enterprise-level "AI agent web" scenario.

According to the official announcement, the Gate TradFi stock section has launched 52 contracts for difference trading pairs including GIS (General Mills), MPWR (Monolithic Power Systems), HSY (Hershey), COTY (Coty Inc.), CTSH (Cognizant), INFY (Infosys), SO (Southern Company), ALK (Alaska Airlines), BAP (Credicorp), CIB (Grupo Cibest), SYY (Sysco), DD (DuPont), DTE (DTE Energy), PSX (Phillips 66), AON (Aon), MCO (Moody's), CHT (Chunghwa Telecom), GT (Goodyear Tire & Rubber), GFS (GlobalFoundries), MAR (Marriott International), WYNN (Wynn Resorts), SYF (Synchrony Financial), EPD (Enterprise Products Partners), CBOE (Chicago Board Options Exchange Global Markets), IVZ (Invesco), MLM (Martin Marietta Materials), EXC (Exelon), PNC (PNC Financial Services Group), AMT (American Tower), BDX (Becton Dickinson), WMB (Williams), AIG (American International Group), CPRI (Capri Holdings), HBAN (Huntington Bancshares), SYK (Stryker), ZTS (Zoetis), BMRN (BioMarin Pharmaceutical), APD (Air Products and Chemicals), STT (State Street), XLE (State Street Energy Select SPDR ETF), IBIT (iShares Bitcoin Trust), ASTS (AST SpaceMobile), AUPH (Aurinia Pharmaceuticals), PTON (Peloton Interactive), CRON (Cronos Group), GPRO (GoPro), OPFI (OppFi), RIG (Transocean), XRX (Xerox), MANU (Manchester United), URA (Global X Uranium ETF), LIT (Global X Lithium Battery ETF), supporting 4x fixed leverage.In addition, the Gate TradFi stock section will launch the second phase of the new coin airdrop from April 29 at 16:00 to May 8 at 16:00 (UTC+8). During the event, users can register to receive 30 USDT and can share a prize pool of 100,000 USDT by participating in the trading of newly listed assets, with a maximum individual reward of 3,130 USDT.

The Chief Information Security Officer of Slow Fog Technology, 23pds, forwarded a message from the dark web intelligence account Dark Web Intelligence (@DailyDarkWeb), stating that the hacker group ShinyHunters claims to have infiltrated internal systems related to the Anthropic Mythos model and has shared screenshots of the user management panel, AI experiment dashboard, model performance, and cost analysis. The authenticity of this information has not yet been confirmed by Anthropic.Given that many companies have previously applied to trial the related models, if the news is true, it could pose indirect security risks to leading tech companies and those in the cryptocurrency industry.

Vercel announced a security incident analysis, stating that some of its internal systems were accessed without authorization. This was caused by a third-party AI tool, Context.ai, used by an employee being compromised, allowing the attacker to take over their Google Workspace account and access some environment configuration data.The initial impact is that a small number of environment variables not marked as "sensitive" (such as API Keys, Tokens, etc.) may have been leaked. Relevant users have been notified and advised to rotate their credentials immediately. There is currently no evidence that data marked as "sensitive" or the supply chain (such as npm packages) has been tampered with.Vercel stated that the attacker possesses a high level of technical skill and has partnered with Mandiant and several security agencies to investigate, and has reported the incident to law enforcement. They also emphasized that platform services are still operating normally. Additionally, users are advised to enable multi-factor authentication, comprehensively rotate potentially leaked environment variables, and check account activity logs and deployment records to prevent further risks.

According to official news, the cloud hosting platform Vercel has confirmed that a security incident has occurred, involving unauthorized access to some internal systems.Currently, only a small number of customers have been confirmed to be affected, and Vercel is communicating directly with the relevant customers. Vercel stated that its services are still operating normally, and it has initiated an investigation and hired incident response experts to assist in handling the situation, while also notifying law enforcement.Vercel recommends that all customers review their environment variables and use the sensitive environment variable feature to enhance security protection.

According to official news, Circle has released its vision for the development of the internet financial system in 2026, proposing to focus on building cross-chain interoperability infrastructure, liquidity orchestration capabilities, and an institutional-grade asset issuance system to promote the efficient flow of value in a multi-chain ecosystem.In terms of cross-chain infrastructure, Circle stated that it will launch features such as "Fast Transfer" in the future, achieving second-level settlement without waiting for final confirmation from the source chain, thus improving the efficiency of fund utilization. In the asset expansion layer, the CCTP plans to extend to more assets beyond USDC, including EURC, USYC, and cirBTC, and support the issuance and circulation of real-world assets (RWA) across multiple chains.In addition, Circle is advancing cross-chain process coordination, simplifying multi-chain operational processes through tools such as Bridge Kit, Deposit Kit, Fee Service, and Workflows, achieving "one-click" cross-chain interaction, reducing development complexity, and enhancing user experience.

Cryptocurrency ATM operator Bitcoin Depot disclosed that it lost approximately 50.9 bitcoins in a cybersecurity incident, equivalent to about $3.7 million at current prices. According to documents submitted to the U.S. Securities and Exchange Commission (SEC), the attack occurred on March 23, with hackers obtaining credentials related to the company's enterprise-level bitcoin wallet, allowing them to breach some internal systems. Bitcoin Depot stated that customer accounts, the platform, and personal data were not affected.

The Solana Foundation stated that it is launching a series of security enhancement initiatives, including a STRIDE security assessment and monitoring system led by Asymmetric Research, as well as a SIRN response network for handling security incidents.Among them, STRIDE will conduct independent assessments of ecological protocols and provide ongoing operational security (opsec) and proactive threat monitoring, offering formal verification support for projects with a TVL exceeding $100 million. SIRN is composed of multiple security agencies and research teams to collaboratively carry out real-time security incident responses.

According to CoinDesk, Jon Herrick, Chief Product Officer of the New York Stock Exchange (NYSE), stated at the New York Digital Assets Summit that the NYSE is committed to integrating blockchain technology into the existing market infrastructure rather than replacing traditional systems. Herrick emphasized that the exchange is pursuing "interoperability" and exploring the application scenarios of tokenized assets within the existing system, including real-time or near-real-time settlement and extended trading hours.He also pointed out that existing mechanisms such as central clearing still have irreplaceable risk management value and should be retained. Herrick predicted that the boundaries between traditional assets and tokenized assets may gradually disappear within the next decade. In addition, the NYSE's parent company, Intercontinental Exchange (ICE), made a strategic investment in the cryptocurrency exchange OKX earlier this month, and the two parties will collaborate in the fields of crypto futures and tokenized stocks.

According to CoinDesk, Amy Oldenburg, the head of digital asset strategy at Morgan Stanley, stated at the New York Digital Assets Summit that the entry of large Wall Street banks into the cryptocurrency space is not driven by concerns over missed opportunities, but rather the result of years of advancing the modernization of financial infrastructure.Oldenburg pointed out that Morgan Stanley's digital asset strategy covers multiple aspects including trading, asset management, and infrastructure. The bank plans to launch support for tokenized stock trading on its alternative trading system in the second half of 2026, which currently handles stocks, ETFs, and American Depositary Receipts.Internally, the bank is overhauling its decades-old core systems to support faster settlement and continuous trading. Oldenburg emphasized that the complexity of financial institutions' systems far exceeds the expectations of startups, and no single institution can complete the modernization transformation alone; it requires the collaborative effort of the entire global financial network.

Amy Oldenburg, the head of digital asset strategy at Morgan Stanley, stated that Wall Street's push into crypto is not driven by FOMO, but rather the result of years of internal work on modernizing financial infrastructure.She pointed out that Morgan Stanley is expanding its digital asset strategy into areas such as trading, asset management, and infrastructure. Previously, the bank's related business mainly focused on providing high-net-worth clients with exposure to Bitcoin funds and offering spot Bitcoin ETFs on its E*Trade platform, while recently it has submitted an application to launch its own spot Bitcoin ETF.Amy Oldenburg revealed that Morgan Stanley plans to support tokenized stock trading in its alternative trading system in the second half of 2026, a platform that currently handles stocks, ETFs, and American Depositary Receipts.She also emphasized that upgrading decades-old core banking systems, enhancing system connectivity, and coordinating progress within the global financial network remain major challenges, despite the rising attention on tools like stablecoins and the ongoing accumulation of institutional crypto activities.

Bitcoin payment service provider Bitrefill disclosed on platform X that it suffered a cyberattack on March 1, 2026, resulting in a customer data breach. The attack originated from a compromised employee's laptop and allowed the attackers to access certain databases and cryptocurrency wallets.Investigations revealed that the attack method was highly similar to past attacks on cryptocurrency companies by the North Korean DPRK Lazarus/Bluenoroff hacker group. Approximately 18,500 purchase records involved limited customer information (email, cryptocurrency payment addresses, and IP metadata), with about 1,000 records having customer name information stored in an encrypted format, but potentially accessible. Bitrefill stated that customers do not need to take special actions but are advised to be vigilant for unusual information.Bitrefill further added that it has currently shut down related systems for isolation and is collaborating with security experts, on-chain analysts, and law enforcement. Operations have nearly returned to normal. The company emphasized that it is long-term profitable and financially robust enough to absorb this loss and will continue to strengthen cybersecurity measures, including internal access controls, monitoring, and emergency response mechanisms.

Hester M. Peirce, a commissioner of the U.S. Securities and Exchange Commission, stated that a research initiative for a "regulatory exemption" for tokenized securities has been launched, allowing limited trading and technical experimentation for certain tokenized securities. This exemption plan will be more cautious than the "comprehensive exemption" proposed by the industry.She believes it is worth exploring whether different types of tokenization models for securities can be tested under the innovation exemption framework and whether issuer consent is needed for third parties to issue tokenized versions of their stocks, in order to promote technological innovation while avoiding regulatory arbitrage and maintaining core investor protection mechanisms.Hester M. Peirce also emphasized that regulators should not overly interfere with private capital allocation. The SEC is currently assessing several key issues, including: whether the existing information disclosure system is sufficient to cover the ownership structure of tokenized securities, the disclosure obligations of brokers and clearing agencies in the issuance of tokenized securities, the compatibility of atomic settlement with the current T+1 settlement rules, and the applicability of regulatory authority in the absence of intermediaries or under new intermediary structures.

According to Axios, Musk's AI company xAI has reached an agreement with the Pentagon to use the Grok system in classified systems. This is the first AI model, besides Anthropic Claude, to be granted access to the military's most sensitive intelligence and weapons development workflows.