News linked to both this project and an event.
QCP Group’s analysis states that U.S.-Iran negotiations have once again collapsed, while the Middle East ceasefire continues, leaving the overall geopolitical landscape relatively static. A shooting incident occurred at the White House Correspondents’ Dinner, with Trump suspected as the target. Following Asia’s market open, BTC briefly surged past $79,000 and ETH above $2,400—but gains quickly reversed amid concerns triggered by news of Iran’s Foreign Minister traveling to Russia for talks with Putin. Since early April, BTC has rallied over 14% cumulatively, marking four consecutive weeks of positive closes. Spot ETFs recorded nine straight days of net inflows totaling approximately $2.11 billion. Strategy funds added over $3.8 billion worth of BTC in the past month. The current key resistance level for BTC lies near the CME gap around $82,000. BTC perpetual contract funding rates remain persistently negative; a breakout above this level could trigger short-covering. Implied volatility continues declining, and risk-reversal skew has narrowed somewhat, signaling gradually rising market interest in upside exposure. Key events this week: - April 29: Earnings reports from Microsoft, Amazon, Meta, and Google, plus the FOMC interest-rate decision. - April 30: Apple earnings report, U.S. Q1 GDP data, and March PCE inflation data.
SlowMist CISO 23pds (@im23pds) disclosed that the Bitwarden CLI version 2026.4.0 was subjected to a Checkmarx supply-chain attack between 17:57 and 19:30 ET on April 22. During this window, attackers abused a GitHub Action within Bitwarden’s CI/CD pipeline to briefly distribute a malicious package via npm. The official statement confirmed that Vault data was not compromised and production systems remained unaffected; only users who installed this specific version via npm during the aforementioned time window were impacted. Affected users are advised to immediately uninstall version 2026.4.0, clear their npm cache, rotate sensitive credentials—including API tokens and SSH keys—investigate anomalous activity in GitHub and CI environments, and upgrade to the patched version 2026.4.1.
Vercel has released an analysis of a security incident, stating that certain internal systems were accessed without authorization. The breach originated from a third-party AI tool, Context.ai, used by an employee, which was compromised. Attackers leveraged this to take over the employee’s Google Workspace account and access some environment configuration data. Preliminary impact assessment indicates that a small number of customers’ environment variables—unmarked as “sensitive” (e.g., API keys, tokens)—may have been exposed. Affected users have been notified and advised to immediately rotate their credentials. At present, there is no evidence that data explicitly marked as “sensitive” or the supply chain (e.g., npm packages) has been tampered with. Vercel notes that the attackers demonstrated a high level of technical sophistication. The company is collaborating with Mandiant and multiple security organizations to investigate the incident and has filed a report with law enforcement. Vercel also confirms that its platform services remain fully operational. Users are advised to enable multi-factor authentication, comprehensively rotate potentially exposed environment variables, and review account activity logs and deployment records to mitigate further risk.
According to an official announcement, in response to the recent Vercel platform security incident, Jupiter (@JupiterExchange) stated that it has received no notifications or indications of impact, and its jup.ag frontend does not store any sensitive information. Jupiter has proactively implemented all security measures recommended by Vercel, completed rotation of all keys, and conducted a comprehensive review of system logs—no suspicious activity was found. Monitoring remains ongoing.
23pds, Chief Information Security Officer of SlowMist Technology, retweeted: “The unauthorized access to Vercel’s internal systems appears linked to an internal data leak.” The related tweet states that someone claiming to be “ShinyHunters” on BreachForums is offering for sale—reportedly for $2 million—a purported Vercel internal database, access keys, source code, employee accounts, API keys, NPM tokens, and GitHub tokens. The data allegedly pertains to Vercel’s internal Linear system and internal user management system. Earlier reports indicated that Vercel, a cloud hosting platform, disclosed unauthorized access to its internal systems, affecting a small number of customers.