den

SlowMist has issued a security alert, detecting an active npm supply chain attack targeting @redhat-cloud-services related packages. Currently, over 31 packages have been confirmed affected, with a weekly download volume of approximately 116,000 times, and stolen credentials exist in more than 300 GitHub repositories. This attack method is highly similar to the previous "Shai-Hulud" npm attack, including credential theft, creation of malicious repositories, and automated secret leakage. New suspicious repositories continue to emerge, indicating that the attack is still ongoing, and developers are still being continuously infected.Potential harms include: theft of GitHub/npm tokens, leakage of AWS/GCP/Azure cloud credentials, collection of SSH keys and Kubernetes secrets, leakage of local environment and wallet data, creation of malicious repositories and persistence operations, and even potentially destructive actions after tokens are revoked. It is recommended to immediately remove or downgrade affected @redhat-cloud-services package versions, conduct a comprehensive audit of CI/CD workflows and dependency installations, rotate all GitHub, npm, cloud service, SSH, and wallet-related keys, retain logs, and rebuild exposed developer machines or Runners from clean images while maintaining a high level of vigilance.

According to Protos, Bitcoin treasury company Twenty One Capital received formal notification from the New York Stock Exchange (NYSE) that it was deemed non-compliant due to insufficient independent directors on the audit committee and must complete rectification by June 5; otherwise, it will be marked as BC (below compliance standards) starting June 9.Previously, Tether completed the acquisition of approximately 89.1 million Class A shares held by SoftBank and terminated the related governance agreement, resulting in the resignation of two directors appointed by SoftBank, one of whom was a member of the audit committee. This left the company with only one independent director on the audit committee during the transition period, which does not meet NYSE requirements. Twenty One Capital stated that it will appoint new independent audit committee members as soon as possible.

Uniswap founder Hayden Adams expressed deep gratitude for the long-term funding and multifaceted support provided by the Ethereum Foundation (EF), but specifically clarified that Uniswap was not incubated by EF, and that he participated as an external grantee with a close personal connection to EF.Previously, EF Chair Aya Miyaguchi and co-founder Vitalik Buterin publicly shared their views on the future direction of the Ethereum Foundation. Miyaguchi stated that part of the reason for proposing the EF mission framework at the end of last year was the issue of deviation in technical discussions.

According to the official announcement, Anthropic has confidentially submitted a draft Form S-1 registration statement to the U.S. Securities and Exchange Commission (SEC) to advance its initial public offering (IPO) of common stock. The company stated that this move means it can choose to go public after the SEC completes its review, but the specific issuance timing still depends on market conditions and other factors. Currently, the number of shares to be issued and the issuance price have not yet been determined. Anthropic also emphasized that this announcement is made pursuant to Section 135 of the Securities Act of 1933 and does not constitute an offer to sell securities or a solicitation of an offer to buy securities.

Coinbase released a retrospective report on the large-scale service interruption event on May 7, 2026.The outage lasted approximately 8 hours, with full recovery taking about 12 hours. During this time, trading, deposits, withdrawals, and most core services were unavailable or severely degraded. Coinbase stated that the outage was caused by multiple cooling units failing simultaneously in the cooling system of a data center in one availability zone (use1-az4) in the AWS us-east-1 region, triggering cabinet thermal protection shutdowns, which led to EC2 instances and EBS volumes going offline, affecting multiple internet services.During the recovery process, the Coinbase trading matching engine lost quorum due to the cluster architecture deployed in a single AWS data center losing most nodes. It required urgent code adjustments and the reconstruction of a new node group to restore operation, gradually restarting market trading during the recovery.Additionally, the AWS-managed Kafka (MSK) service experienced control plane failures, preventing the automatic re-election of partition leaders, further blocking quotes, fees, and some settlement and data flow systems, which expanded the overall impact.After manual partition migration in collaboration with the AWS engineering team, the system gradually returned to normal. Coinbase stated that this incident exposed its shortcomings in cross-availability zone automatic switching capabilities and disaster recovery for managed middleware. The company will upgrade its cross-region hot backup architecture, strengthen regular failure drills, and migrate the Kafka system from dual availability zones to a three availability zone deployment, while also working with AWS to advance root cause fixes and improvements.

Strategy founder Michael Saylor confirmed that the dividend yield of the perpetual preferred stock STRC will remain at 11.50% unchanged in June 2026.

According to an article by "Federal Reserve Mouthpiece" Nick Timiraos, in a speech on Sunday evening local time, former Federal Reserve Chairman Powell stated that if any administration finds an excuse to dismiss Federal Reserve officials simply due to policy disagreements, the Federal Reserve will not be able to survive. Powell currently serves as a Federal Reserve Governor. While speaking generally about topics such as institutions and the rule of law, he did not name any specific president or express any personal grievances. However, when discussing the institutional framework designed to keep monetary policy decision-making power out of presidential control, his wording was extremely precise.Powell emphasized the legal protections aimed at preventing Federal Reserve officials from being arbitrarily dismissed and specifically pointed out that the executive branch "does not play any role in selecting or overseeing the 12 regional reserve bank presidents," who, along with the Federal Reserve Governors, vote together to determine interest rates. "If any administration finds an excuse to dismiss Federal Reserve officials simply due to policy disagreements, then future administrations will surely follow suit," Powell said.He noted that the credibility built up by the Federal Reserve over decades is an "invaluable asset," and he and his colleagues "have a responsibility to defend it."

Zama protocol founder Rand posted on the X platform that, with the assistance of on-chain detective ZachXBT, the root cause of the cUSDC contract freeze has been identified. This freeze was caused by a court-issued injunction against addresses related to the Overnight Finance hacker, which had deposited approximately $12.5 million USDC into the cUSDC contract, accounting for over 99% of the funds within the contract, leading to the entire contract being frozen.Rand emphasized that this freeze is unrelated to the protocol itself or privacy technology, and it is not a sanction against Zama, but rather a typical DeFi judicial restriction scenario. The project adheres to compliance and privacy principles, not confusing the parties involved in transactions, only hiding balances and amounts. Currently, Zama is communicating with multiple parties to advance a resolution, has suspended the cUSDC, cUSDT, and cWETH contracts, and will restore them after completing the investigation and handling of the involved addresses, and will release a detailed review report as soon as possible.

Elon Musk posted on the X platform denying reports that SpaceX has lowered its IPO valuation target to at least $1.8 trillion.

According to CoinDesk, Strategy perpetual preferred stock STRC (Stretch) fell to a low of $97.11 on Thursday, then rebounded to $98.57, failing to maintain the par value of $100. The pressure on STRC mainly comes from Bitcoin's drop to around $73,000, compounded by the effects of the ex-dividend date.Recently, Strategy spent $1.5 billion to repurchase zero-coupon convertible bonds maturing in 2029, causing cash reserves to plummet from about $2.25 billion to $871 million. Based on an annual preferred stock dividend obligation of about $1.7 billion, the current cash can only cover about 6 months, far below the previously set target of 24 months. Executive Chairman Michael Saylor stated that the company will raise funds by selling Bitcoin, issuing additional shares when MSTR's stock price exceeds 1.22 times NAV, or continuing to issue STRC.Meanwhile, competitor Strive Asset Management's perpetual preferred stock SATA continues to anchor at a par value of $100, offering about a 13% dividend yield, and plans to launch a daily dividend mechanism, having completely eliminated debt. Over the past three months, Strive's stock price has increased by about 110%, significantly outperforming MSTR's 12% increase and Bitcoin's 8% increase.

Regarding the incident "DxSale accused of using a backdoor to withdraw $7.3 million in liquidity funds," the security company GoPlus stated that the attack may have been an inside job, and there is still $15.5 million in funds and LP urgently needing rescue. GoPlus recommends that the project team immediately check whether their project LP is locked in the contracts 0xEb3a9C56, 0x81E0eF68, 0x2D045410, 0x5b5e9448, and if so, take immediate measures to withdraw. Since the initial funding source was Bybit, KYC tracing is recommended; the final withdrawal channels are multiple Binance addresses, and it is suggested that the relevant security teams submit on-chain evidence to apply for freezing the attacker's address.GoPlus calls on the project to strengthen security mechanisms, stating that critical admin functions must have a time lock, and Owner permissions must use multi-signature. GoPlus emphasizes that as of now, DxSale has not issued any public incident response statement, and its silence is also worth noting.

In mid-2026, multiple data points indicate that AI tools are generating significant hidden costs. A survey by Entelligence AI of 2,444 companies found that for every $1 spent on AI, $0.44 is used to fix vulnerabilities, $0.27 is spent on rewriting AI-generated code, and $0.11 is consumed by audit and merge delays.The 2026 report from Lightrun further notes that 43% of AI-generated code still requires manual debugging in production environments after passing quality checks, and no surveyed engineering leaders expressed complete trust in the AI outputs that have been deployed.On the infrastructure front, Oracle has accumulated approximately $108 billion in total debt and is raising another $50 billion in 2026 for AI data center construction, with free cash flow nearing negative $13 billion. Over $300 billion of its $553 billion backlog is concentrated in OpenAI, which incurred a loss of about $14 billion last year. In terms of talent, OKX CEO Stax Xu stated that AI agents have exposed employees who rely on impression management rather than outcome production while accelerating execution. The exchange has now incorporated AI proficiency into its employee evaluation system.

According to Jinshi reports, Federal Reserve's Musalem stated on Thursday that, like several Federal Reserve decision-makers last month, he believes the phrase "accommodative stance" should be removed from the post-meeting statement to create the possibility for interest rate hikes. He supports this interest rate decision and believes that the accommodative stance no longer aligns with the economic outlook and risk balance.

The cryptocurrency trading platform SuperEx announced that it officially launched the IBMUSDT and NOKUSDT U-based perpetual contract trading pairs today at 11:00 Beijing time (03:00 UTC).It is reported that the newly launched contract trading pairs support full margin, cross margin, and isolated margin modes, allowing users to experience trading through SuperEx's web and app platforms.

SUPERFORTUNE AI posted on platform X that the team is investigating the GUA security incident that occurred on May 27. This incident caused severe fluctuations in token prices, and preliminary investigations indicate that the incident may involve address tampering in a multi-signature transaction.The announcement stated that the plan was to send additional unlocked tokens to the airdrop claim contract address, but during the execution of the transaction, the funds were mistakenly sent to another hacker address. The team noted that this hacker address had never interacted with any addresses related to SUPERFORTUNE before, so the likelihood of an "address poisoning attack" as a method of attack is low. Additionally, SUPERFORTUNE stated that its internal processes already include a multi-address verification mechanism, and the team is still continuing to investigate the incident and will update the community on the latest developments.

In response to The Information's report that "Polymarket plans to require users to complete KYC due to compliance pressure," Polymarket's Vice President of Engineering, Josh Stevens, stated that the report is not true.Josh Stevens indicated that Polymarket is currently testing a new beta product that only requires some trial users to complete KYC verification during the testing period; the existing Polymarket website has not added any KYC requirements.He further stated that after the testing of this product ends, users will no longer need KYC to use it.

According to The Block, Aztec Labs has acquired Obsidion, the company behind the open-source privacy identity verification tool ZKPassport. Its co-founders Michael Elliot and Theo Madzou, along with their team, will join Aztec Labs to continue developing ZKPassport and related applications.Aztec Labs is building the Ethereum privacy layer two network Aztec Network, which raised approximately $60 million worth of ETH through the AZTEC token sale last year, and previously secured about $125 million in venture capital.ZKPassport allows users to read passports or government documents via mobile NFC, generating cryptographic signatures locally for verifying age, nationality, and "real identity" without exposing full privacy. It has been used for ticketing at the Devconnect conference and for compliance identity verification in the Aztec community token sale. Aztec stated that it will continue to keep the ZKPassport protocol and iOS application open source.

According to Jin Shi reports, Tim Miller, the current host of the blog "The Bulwark Podcast," shared on social media the preliminary informal document content of the U.S.-Iran memorandum of understanding published by Iranian state television.Subsequently, the official White House account "Rapid Response 47" retweeted Miller's post, stating that he "has contracted an extremely severe case of 'Trump Derangement Syndrome,' to the extent that his 'pea-sized' brain has been distorted, and he has begun to treat reports from Iranian state media as facts, even spreading false information on their behalf. Perhaps Tim should register as a foreign government agent under the Foreign Agents Registration Act (FARA)."