BLOCKMAGE

267 posts

@BlockmageSec

Web3 Native Threat Intelligence.

The Ether · Joined December 2022
152 Following · 1.3K Followers

BLOCKMAGE (@BlockmageSec):
Takeaway: Automated scanners are essential for flagging capabilities, but manual verification is the only way to determine intent. We acted quickly in hopes of preventing harms, but in this case, we were mistaken. We've removed the post to avoid any confusion (sorry!).

BLOCKMAGE (@BlockmageSec):
- The SOL wallet identified was actually a character property table in the Oniguruma regex engine.
- The "Dropper" patterns were standard Emscripten/LLHTTP boilerplate.
- The "Stealer" hits were bundled dotenv and undici dependencies.

BLOCKMAGE (@BlockmageSec):
Earlier today, we flagged a VS Code extension (rphlmr.vscode-drizzle-orm) based on 21 critical YARA hits from vsix-audit. After manual inspection and deeper analysis, inspecting the .vsix, and reversing the WASM binaries, we've confirmed this is a False Positive.

BLOCKMAGE retweeted Fantasy (@0xFantasy):
1/ I've been doing some research into how Unity Packages (similar to Node or Pip packages) could be weaponized for malware delivery. Let me tell you, it doesn't exactly look good... 🧵

BLOCKMAGE retweeted Alchemyst (@Alchemyst0x):
No excuses. These are live use, not theoretical CVEs. Apple doesn't push same-day cross-platform updates and delete vulnerable code unless the stakes are real. Stay sharp. Patch everything. Watch your traffic. 🧙‍♂️

BLOCKMAGE retweeted Alchemyst (@Alchemyst0x):
Two #CVEs, patched across every Apple platform, both marked as actively exploited in the wild: #Apple just released:
- macOS 15.4.1
- iOS 18.4.1
- iPadOS 18.4.1
- tvOS 18.4.1
- visionOS 2.4.1
— and you should stop what you're doing and update now.

BLOCKMAGE retweeted IOC Investigations (@intell_on_chain):
July 2023 #TornadoCash exit worth 1,400 ETH ($2.6M). Exit via 100 ETH contract, swaps for USDC, heads out over the Synapse bridge to Polygon 0xc09d3c2 and gets gambled away at @Stake. I see this fairly often when analysing TC. Tool: @MetaSleuth

BLOCKMAGE retweeted ZachXBT (@zachxbt):
@zaingaziani @Ledger @Microsoft Sadly received two messages about this from victims today. Seems another person lost funds in just the past few min.

BLOCKMAGE retweeted ZachXBT (@zachxbt):
Community Alert: There is currently a fake @Ledger Live app on the official @Microsoft App Store which has resulted in 16.8+ BTC ($588K) stolen. Scammer address: bc1qg05gw43elzqxqnll8vs8x47ukkhudwyncxy64q

BLOCKMAGE retweeted ZachXBT (@zachxbt):
1/ An investigation into the Canadian scammer known as Yahya for their involvement in 17+ SIM swaps which resulted in more than $4.5M stolen.

BLOCKMAGE (@BlockmageSec):
@solminingpunk How else would we know what they are up to all the time?

FastFoodRembrandt.onion (@solminingpunk):
"Why do you associate with threat actors?" Simple answer to this: When you're in the active threat field you will converse, infiltrate, befriend, and utilize MANY threat actors; some know the game and get paid, some don't and get PTSD. Threat actors are amazing and usually THE main source of intel in the field. If you're in cybersecurity you will be around A LOT of threat actors, and you will WORK with them; luckily some are funny and kinda cool. Lol.

BLOCKMAGE (@BlockmageSec):
Unfortunate but true, web3 sees security as something you pay for once prior to your contract deployment. Brand protection gets sidelined in favor of keeping hype perpetually alive. Not to mention, those who do help very often get nothing in return, so there's little incentive for professionals, albeit rife with opportunity to improve security across the board. We hardly have a name for the position though, so it can certainly be and feel overwhelming. That said, it's always appreciable seeing the builders and the devs and security techs that are here, reaching out and making such efforts. This has been a constant in the space for years despite any market or trends otherwise. There's a sense of purpose to the whole thing because of this, and it certainly brings a level of quality and enthusiasm that you can't rightly find elsewhere. Nice post - cheers.

Zeffa (@0xZeffa):
Web3 is dangerous. Within my career in web2 I've seen how Fortune 500 businesses (and small-to-mid size start-ups) have invested ludicrous amounts of money to safeguard their digital assets and customers through security awareness training. But looking into the world of Web3 - NFT communities specifically - I see businesses neglecting cybersecurity measures left, right, and centre. The only security step I see MOST businesses take is a one-off audit to ensure their infrastructure is safe. The threat landscape is ever-changing, as we can see with the ridiculous % of members that are getting drained on the daily. This results in massive damage.

Reputation Damage: Too many security incidents can ruin a Web3 business's reputation and cause a loss of trust from within and externally - even if they're not to blame. Web3 companies are often victims of impersonation and phishing attacks.

Customer Trust: Customer trust is paramount. Web2 businesses understand that data breaches or security failures can erode that trust, resulting in a loss of customers and revenue. Most Web3 communities don't even have a security structure in place.

Community Vulnerability: Many Web3 projects rely on community involvement and contributions. When businesses neglect security awareness, they put not only their own team at risk but also the assets and investments of their community members. As a founder this should be one of your biggest concerns - you WILL be targeted, and knowing this, why wouldn't you make your community aware and show them how to keep safe?

This is just a few of the problems founders incur. It's high time for Web3 businesses to heed the wake-up call. Neglecting security is no longer a viable option. The success of Web3 relies on the trust of its users and stakeholders.

Businesses need help to bridge this gap and provide communities with the option to have an ever-lasting secure environment where ALL members (staff and holders) are equipped with the right knowledge and tools to stay secure. Not just an alert channel that's posted in once a month. I've helped a handful of web3 businesses become more secure. Communities see their founders' care/commitment towards their holders - which helps grow trust, knowledge and reputation from within and externally. If this is of interest to you - reach out, and keep an eye out for what's coming soon.

BLOCKMAGE retweeted Caido (@CaidoIO):
It's release time 🎃
- Responses can now be intercepted and modified
- Delete requests from HTTP History
- [Pro] Import/export your projects using our new "backups" page
- [Pro] Add shell commands to your convert workflows with the new "Shell" node
github.com/caido/caido/re…

BLOCKMAGE retweeted Pocket Universe 🟣 (@PocketUniverseZ):
Introducing the Pocket Guardians. They've already saved *hundreds* of you from dangerous websites. Here's a quick intro ⬇️