nock.ing

nock.ing is a blockchain forensics and on-chain analysis platform that helps users track Bitcoin transactions, analyze wallet activity, and detect potential security threats. The company also offers cryptocurrency security services including multi-sig setup, cold storage setup, and forensic analysis for stolen funds.

Visit Website

Latest Updates

December 5, 2025

CRITICAL SECURITY ALERT: Next.js RCE Vulnerability (CVE-2025-66478)

Hope everyone is doing well, something else from my side today, since I still deal with a branch of security (forensics), I thought it would make sense to talk about this. And I know a lot of people here develop React Applications.

A critical vulnerability (CVSS 10.0) has been identified in the underlying React Server Components (RSC) protocol.

This flaw, tracked in Next.js as CVE-2025-66478, can lead to Remote Code Execution (RCE) when processing attacker-controlled requests in unpatched Next.js applications using the App Router.

Immediate Action Required

If you are running an affected version, you must update immediately. There is no configuration option to disable the vulnerable code path.

Upgrade to a patched version: Use the following commands for the latest releases in your current line:

# Recommended Upgrades
npm install next@15.0.5 # For 15.0.x
npm install next@15.1.9 # For 15.1.x
npm install next@15.2.6 # For 15.2.x
npm install next@15.3.6 # For 15.3.x
npm install next@15.4.8 # For 15.4.x
npm install next@15.5.7 # For 15.5.x
npm install next@16.0.7 # For 16.0.x

Canary users: If you are on an affected canary release (14.3.0-canary.77+), you should downgrade to the latest stable 14.x (npm install next@14) or update to 15.6.0-canary.58 (if you require PPR support).

🔍 What You Need to Know Impact: The vulnerability allows untrusted input to influence server-side execution paths, which can result in RCE under specific conditions.

Affected (App Router only): Next.js 15.x, 16.x, and certain later 14.x canary releases.

Not Affected: Pages Router applications, stable Next.js 13.x/14.x releases, and applications using the Edge Runtime.

Please prioritize this update to secure your applications.

Full Advisory Details: https://nextjs.org/blog/CVE-2025-66478

Thanks, take care! also thanks to <#1362244018213359686> <:peepoBlanket:921862253605716029>

November 10, 2025

Sup guys.

On the topic of Bitcoin Core 30 if you are interested, there is a solid video explaining everything and breaking it down that I can recommend:

https://youtu.be/5iUVWBr0a2U?si=ESaquKWkOcq8P1xY

November 9, 2025

🚨 BITCOIN CORE 30.0 RELEASED <a:pepe_police:1200444025975607407> 🚨

🧱 The OP_RETURN Crisis: Unwanted Data Permanence

Someone already took advantage of the OP_RETURN command and posted some AI generated PROM on the Bitcoin Ledger... <:Sadge:1006246644104314950>
As discussed by Bitcoin University (Matthew Krater), storing this unacceptable content exposes individual node runners to severe legal and moral risks in various jurisdictions.

🛠️ The Only Fix: A Consensus Soft Fork

The technical consensus among many experts is that a Soft Fork is the only viable, long-term solution to address this problem at the protocol level and minimize the storage of arbitrary data on Bitcoin.
This is necessary to maintain Bitcoin’s strict focus as "money for everyone," not "arbitrary data storage for everyone".

The biggest fear is governments/bankers taking advantage of the OP_RETURN and start a large scaling attack on Bitcoin by overflowing the Bitcoin Ledger with CSAM.

💾 Community Call to Action: Run Bitcoin Knots To secure the network and actively filter out this undesirable data:

All dedicated community members should run the Bitcoin Knots node software instead of Bitcoin Core. https://bitcoinknots.org/
Knots allows you to immediately adjust mempool filters to block and refuse to relay this garbage content, providing an immediate defense layer.

--- thanks to <#1362244018213359686> , claim your free Founder Pack of 75+ agents at https://dothistask.ai/founder-pack/claim