Tootfinder

Rex-Osprey launches the first spot dogecoin and XRP ETFs in the US after the SEC approved generic listing standards, paving the way for speedier ETF listings (Yaël Bizouati-Kennedy/Sherwood News)
https://sherwood.news/crypto/sec-paves-way…

SEC paves way for speedier crypto ETF listings as XRP and dogecoin ETFs launch
Rex Osprey launched the first spot XRP and doge ETFs today, while Grayscale will soon launch its just-approved multi-asset fund.

HP Wolf security (weird name, or is it just me?) has their September 2025 Threat Insights report available. Key take-aways:
- Heavy use of LOLBINS (legit software built in to Windows used maliciously). Read the report, block or alert on the software used like mshta.exe, hh.exe and cscript.exe.
- Malicious SVG and IMG files are being delivered via email and when opened used to deliver malware. Block or quarantine email messages with SVG and IMG attachments at your email gateway. …

Context Lineage Assurance for Non-Human Identities in Critical Multi-Agent Systems
Sumana Malkapuram, Sameera Gangavarapu, Kailashnath Reddy Kavalakuntla, Ananya Gangavarapu
https://arxiv.org/abs/2509.18415

Context Lineage Assurance for Non-Human Identities in Critical Multi-Agent Systems
The proliferation of autonomous software agents necessitates rigorous frameworks for establishing secure and verifiable agent-to-agent (A2A) interactions, particularly when such agents are instantiated as non-human identities(NHIs). We extend the A2A paradigm [1 , 2] by introducing a cryptographically grounded mechanism for lineage verification, wherein the provenance and evolution of NHIs are anchored in append-only Merkle tree structures modeled after Certificate Transparency (CT) logs. Unlik…

The explosion in crypto treasury companies is making experts in and outside of crypto nervous.
A crypto CEO described the “huge” risk based on assets that have “almost nothing backing [them]”.
Crypto analysts at Galaxy have compared them to the 1920s investment trust collapse.
https://

Finesse: An Agile Design Framework for Pairing-based Cryptography via Software/Hardware Co-Design
Tianwei Pan, Tianao Dai, Jianlei Yang, Hongbin Jing, Yang Su, Zeyu Hao, Xiaotao Jia, Chunming Hu, Weisheng Zhao
https://arxiv.org/abs/2509.10051

Finesse: An Agile Design Framework for Pairing-based Cryptography via Software/Hardware Co-Design
Pairing-based cryptography (PBC) is crucial in modern cryptographic applications. With the rapid advancement of adversarial research and the growing diversity of application requirements, PBC accelerators need regular updates in algorithms, parameter configurations, and hardware design. However, traditional design methodologies face significant challenges, including prolonged design cycles, difficulties in balancing performance and flexibility, and insufficient support for potential architectur…

LoCaL: Countering Surface Bias in Code Evaluation Metrics
Simantika Bhattacharjee Dristi, Matthew B. Dwyer
https://arxiv.org/abs/2509.15397 https://arxiv.o…

LoCaL: Countering Surface Bias in Code Evaluation Metrics
With the increasing popularity of large language models (LLMs) and LLM-based agents, reliable and effective code evaluation metrics (CEMs) have become crucial for progress across several software engineering tasks. While popular benchmarks often provide test cases to assess the correctness of generated code, crafting and executing test cases is expensive. Reference-based CEMs provide a cheaper alternative by scoring a candidate program based on its functional similarity to a reference. Although…

Crypto media company Blockworks is closing its newsroom, launched in 2021, and will focus on software and data, continuing its main newsletters and podcasts (Pooja Rajkumari/TheStreet)
https://www.thestreet.com/crypto/jobs/blockworks-s…

Securing Cryptographic Software via Typed Assembly Language (Extended Version)
Shixin Song, Tingzhen Dong, Kosi Nwabueze, Julian Zanders, Andres Erbsen, Adam Chlipala, Mengjia Yan
https://arxiv.org/abs/2509.08727

Securing Cryptographic Software via Typed Assembly Language (Extended Version)
Authors of cryptographic software are well aware that their code should not leak secrets through its timing behavior, and, until 2018, they believed that following industry-standard constant-time coding guidelines was sufficient. However, the revelation of the Spectre family of speculative execution attacks injected new complexities. To block speculative attacks, prior work has proposed annotating the program's source code to mark secret data, with hardware using this information to decide wh…

On Integrating Large Language Models and Scenario-Based Programming for Improving Software Reliability
Ayelet Berzack, Guy Katz
https://arxiv.org/abs/2509.09194 https://

On Integrating Large Language Models and Scenario-Based Programming for Improving Software Reliability
Large Language Models (LLMs) are fast becoming indispensable tools for software developers, assisting or even partnering with them in crafting complex programs. The advantages are evident -- LLMs can significantly reduce development time, generate well-organized and comprehensible code, and occasionally suggest innovative ideas that developers might not conceive on their own. However, despite their strengths, LLMs will often introduce significant errors and present incorrect code with persuasiv…

SLasH-DSA: Breaking SLH-DSA Using an Extensible End-To-End Rowhammer Framework
Jeremy Boy, Antoon Purnal, Anna P\"atschke, Luca Wilke, Thomas Eisenbarth
https://arxiv.org/abs/2509.13048

SLasH-DSA: Breaking SLH-DSA Using an Extensible End-To-End Rowhammer Framework
As quantum computing advances, PQC schemes are adopted to replace classical algorithms. Among them is the SLH-DSA that was recently standardized by NIST and is favored for its conservative security foundations. In this work, we present the first software-only universal forgery attack on SLH-DSA, leveraging Rowhammer-induced bit flips to corrupt the internal state and forge signatures. While prior work targeted embedded systems and required physical access, our attack is software-only, targeti…