The Balancer hack was one of the most significant in the space. Here is a very good report of the hack. Studying real hacks is the biggest alpha. blog.unvariant.io/balancer-hack-…

Our most recent open-source tool 🙌 certora.com/blog/concordan…

It seems Port3 Network token contract w/ cross-bridge support on BSC has been compromised, resulting in an unauthorized mint of one billion (1_000_000_000) tokens. The minted tokens are immediately dumped and the price is tanked. Here is the unauthorized mint:

🚨SlowMist TI Alert: #NPM Supply-Chain Poisoning Analysis — Reconstructing the Shai-Hulud Attack🚨 1️⃣The NPM ecosystem has suffered another large-scale package poisoning attack, closely tied to the Shai-Hulud incident (Sept 2025). This new wave embedded malicious payloads

La semana pasada asistimos por primera vez al DSS y estuvo cargada de aprendizajes sobre seguridad en web3 gracias al Defi Security Summit y todos los speakers que compartieron su conocimiento en seguridad para hacer de la web3 un lugar más seguro para todos.

⚡️Flashloans are an excellent and powerful tool — here I’m leveraging Uniswap V4 to make the most of them. What DeFi strategies come to mind to take full advantage of flashloans? #uniswap #flashloans

🔍 Now it’s time to interact directly with Uniswap V4 swaps. Having been part of the protocol’s audit gives me the confidence to use it without questioning its security — many auditors thoroughly reviewed this code. #uniswap #defi

The Death of the Audit Contest? A 2025 Retrospective I will always be thankful for audit contest companies. They pioneered the open-sourcing of Web3 security knowledge, allowing security researchers (SRs) like myself to improve at a fast and consistent pace. However, looking

🚨SlowMist TI Alert🚨 If you’re doing Vibe Coding or using mainstream IDEs, be cautious when opening any project or workspace. For example, simply using “Open Folder” on a project may trigger system command execution — on both Windows and macOS. ⚠️ Cursor users: especially at

i genuinely think everyone in this space should immediately switch to using Vim. DPRK started abusing VS Code hooks that run _automatically_ in the background when you open a folder. ZERO fucking user interaction required _after_ trusting the repo (the trusting part is important

🚨 #ALERTA | Venden biométricos de mexicanos presuntamente extraídos del SAT Un usuario en foros de ciberdelincuencia afirma tener acceso en tiempo real a los servidores del SATMX y ofrece el paquete completo de identidad: huellas, iris, firma, foto y RFC. Las pruebas

We leverage not only the power of smart contracts but also that of Bitcoin. Instead of saying “written in stone” I prefer to say “written in Bitcoin”—it has more power! #Bitcoin #Blockchain

Node.js y cURL cerraron sus Bug Bounty uno de los motivos: exceso de reportes basura generados con IA. Gente marcando vulnerabilidades que ni entiende. La IA no falla. La gente sin bases, sí. La IA no reemplaza devs. Los expone.

Litecoin update: • A zero-day bug caused a DoS attack that disrupted major mining pools. • Non-updated mining nodes allowed an invalid MWEB transaction allowing them to peg out coins to third party DEX’s • A 13-block reorg reversed those invalid transactions — they will not