Resonance Security

🔈 Big news!! Resonance Security @Resonancesec is now officially SOC 2 compliant! 🎉 ☑️ This isn’t just another checkbox— it’s a testament to our commitment to #trust, security, and operational excellence. What does this mean for you? ✅ Rigorous data security & privacy controls in place ✅ Verified compliance with industry best practices ✅ A strong foundation for continuous security improvements 🌅 Achieving SOC 2 #compliance is just the beginning. We’re not here to just meet the baselines — we’re here to set new standards and help others achieve that as well 💪💪 Read more about our entire #SOC 2 journey below 👇 resonance.security/blog-posts/ach… 〰️ Resonance Security

@adcock_brett Living the startup dream 💪

We now have 5 buildings, accelerating very quickly

We’ve built 3 solid low cost or free cybersecurity apps that everyone should try: 〰️ Pulsecheck: A free 2 minute full spectrum cybersecurity assessment. Three options to choose from including businesses, individuals, and web3 focused companies. Don’t worry, we include a data safety attestation and we are SOC2 compliant 🙂 Site >> app.resonance.security/pulsecheck 〰️ Resonance Security Institutional Platform: Covers the most common attack vectors after penetration testing and smart contract audits. Cybersecurity data storage, phishing, data leaks, continuous testing of publicly facing assets, and monitoring of publicly facing assets. Site >> resonance.security 〰️ Phishguard by Resonance: A Google workspace focused browser extension that allows you to scan every email for potential phishing attacks. It safely uses AI to thoroughly investigate every email for threats including things not immediately visible to the naked eye. Site >> lnkd.in/eFZTviDb Feel free to ping me anytime if you want a demo 🫡

The 2025 #Web3 Security Report is live. $3B+ in losses distilled into actionable intelligence for builders. Read the patterns. Verify your math. Secure your protocol. Check out the report NOW: resonance.security/blog-posts/202…

Benjamin Franklin said "An ounce of prevention is worth a pound of cure." Three US banks just proved him right with a 50% phishing reduction. One bank hit 90%. Not by blocking emails, but by cataloging every phone number scammers could spoof. Three major US banks implemented FS-ISAC's "Stop the Scams" framework. Result: 50%+ reduction in text-based phishing abuse within months. Bank A achieved 90% reduction. The Strategy: Don't just block individual scam emails. Catalog every legitimate phone number your bank uses, then register inbound-only numbers in "Do Not Originate" (DNO) registries. How DNO Works: When scammers spoof your bank's customer service number, telecom carriers automatically block or flag calls as "Potential Spam" using STIR/SHAKEN protocols. Every bank should follow these four pillars: 1. Structured intake forms for phishing reports (maximizes intelligence, minimizes consumer friction) 2. Abuse box infrastructure for real-time threat sharing 3. Communication channel cataloging (know every number you own) 4. Telecom collaboration (DNO registries + branded calling) Because Franklin at the EOD was right: prevention > cure. Especially when cure costs $2.77B annually (FBI BEC losses, 2024).

Alan Turing asked, "Can machines think?" Modern phishers ask, "Can victims tell we're machines?" Generative AI eliminated the linguistic markers that used to alert consumers to phishing attempts. Turing's 1950 question: "Can machines imitate humans convincingly?" 2025 answer: Yes! And they're emptying your bank accounts. The AI Threat: Generative AI (GenAI) creates text reflecting natural human speech patterns, eliminating grammar/spelling errors that previously alerted consumers to phishing. Technical Evolution: 🚨 "BlackMamba" uses LLMs to synthesize polymorphic malware that modifies its own code at runtime, evading endpoint detection (EDR). 🚨 Deepfakes synthesize audio/video to impersonate trusted individuals, defeating voice-based identity verification. 🚨 Vision Language Models (VLMs) create pixel-perfect brand impersonations. The Imitation Game Result: Prompt injection attacks, AI poisoning, deepfake impersonation. The AI Risk Working Group identified these as primary threats to financial services. Defense: Capital One demonstrated that VLMs can identify phishing sites from screenshots, automating the detection of visual brand misuses invisible to URL-based systems. Resonance Security's PhishGuard uses such VLMs to catch AI: → Detects pixel-perfect clones → Flags polymorphic phishing emails → Real-time deepfake URL analysis Turing wondered if machines could think. Turns out, they can lie convincingly. PhishGuard speaks & understands their language…

@fabric_vc @coinbase @base @animocabrands @foundersfactory Super cool! Love this video

We painted the town orange with the launch of R[3]sidency 🟧 Cohort in. Partners locked. Ecosystem + government in the room. Backed by @coinbase, @base, @animocabrands & @foundersfactory, we kicked off 16 weeks of building, shipping, and pressure-testing venture-scale ideas in the UK. See day zero 👇📽️

We left a forty-year-old engine running half of our healthcare. One stolen password later, $2 trillion in claims were frozen in 2024… In February 2024, the American healthcare system realized how fragile it had become when Change Healthcare (a subsidiary of UnitedHealth Group) was brought to its knees by a single missing checkbox by a Russia-linked ransomware organization: ALPHV/BlackCat. It wasn't a sophisticated nation-state attack; it was just a Citrix portal left wide open without multi-factor authentication. This oversight impacted 192.7 million people (leaked public health info) and froze a staggering $2 trillion in annual medical claims. UnitedHealth eventually paid a $22 million ransom, only to be double-extorted when the hackers pulled an "exit scam" and left a second group to demand more. While hospitals lost $100 million daily, the industry learned a $3 billion lesson that MFA is ABSOLUTELY mandatory, especially as an entity managing billions of $$$ Solution? Use Resonance Security's #PhishGuard & #Equalizer. PhishGuard stops initial credential theft by flagging the malicious emails, while Equalizer trains your team to spot the breach before the dwell time turns into a catastrophe. Because apparently, "Cybersecurity 101" is optional until it costs $3 billion.

🚨December 2025: PEPE got rekt. Not by regulators. By Inferno Drainer. When your favorite frog coin's website becomes a wallet drainer, the joke's on you. The Attack Vector: Legitimate site compromised → Front-end redirects to spoofed clone → Inferno Drainer scripts embedded → Users connect wallets (MetaMask, WalletConnect) → Malicious approval prompts appear normal → Assets drained to attacker-controlled addresses Inferno Drainer's Track Record: - 16,000+ phishing domains - $87M+ stolen from 137,000+ victims - 2,400 malicious dApps deployed weekly (2024) - Drainer-as-a-Service model (affiliates get toolkit, split revenue) Market Impact: $PEPE price barely moved. Down 70% YoY. Memecoin volatility > security incidents. If you visited pepe.vip recently: - Revoke all token approvals (Etherscan → Token Approvals) - Move assets to a fresh wallet (new seed phrase) - Never reuse the compromised wallet The Lesson: Legitimate sites can become attack vectors overnight. Verify URLs from multiple sources. Inspect every transaction prompt. Because👇 Inferno Drainer doesn't need to create fake sites anymore. It just hijacks real ones.

So you all may know that Trubit (Truebit Protocol) got hacked (and probably done 🤕 )...So what did we learn from this incident? Sharing my learnings here 👇 linkedin.com/pulse/fck-intr…

🚨January 8, 2026. @TruBit_Global's smart contract had a pricing logic flaw. Cost to fix: Maybe a $15K audit. Cost to ignore: $26.5M + 99% token crash. TruBit (@Truebitprotocol) lost $26.5 million in $ETH. Attacker exploited a pricing logic flaw in the $TRU token minting contract, minted unlimited tokens at negligible cost, sold via bonding curve to drain $ETH reserves, and bribed block producers for transaction priority. Attack Vector: Mint unlimited $TRU → Sell through bonding curve → Extract $ETH → Launder through wallets (0x2735 and 0xD12f) $TRU token crashed 99% - from $0.16 to $0.000072. Market cap wiped. Basic smart contract audit cost: $7K-$45K. While auditing a complex DeFi protocol: $100K (approx). Saddest part about TruBit's pricing logic flaw? Detectable in the standard audit checklist under "economic attack simulations." Why are we telling you this incident? Because: DeFi protocols handle user funds. One logic flaw = total loss + reputational destruction + regulatory scrutiny. If you are a DeFi project, come to us. Why? Because we do: → Multi-phase review (automated + manual + formal verification) → Economic attack simulation (bonding curves, MEV, flash loans) → Gas optimization + reentrancy checks → Post-deployment monitoring integration Will you spend $15K-$100K on an audit, or $26.5M on a headline? The choice is yours... In case you choose the first option, drop a DM to @charleshdray.

❓Question: How do you know if your cybersecurity is solid if you are not a #cybersecurity expert? ✅ Answer? Use PulseCheck. It’s a free & instant cybersecurity evaluation that gives you a secure, real-time full spectrum cybersecurity score in <2 minutes. 🔒 Why is it needed? Because you can't protect what you can't see! 👉 Take a FREE cybersecurity assessment now: app.resonance.security/pulsecheck 〰️

Rekt Audit Broker verifies every request, matches you with the right team, and stands behind the process. Get audit quotes here audit.rekt.news

〰️ We built @Resonancesec software to cover the cybersecurity gaps which result in the most #hacks even after penetration testing and smart contract audits. The software is included with every audit at no extra cost. We make it a no- brainer for customers to cover the most present cybersecurity gaps without having to spend extra time and money. Check out our customer reviews and testimonials, and good luck on your cybersecurity journey whomever you decide to work with 💪

AI-generated phishing emails have a 54% click-through rate (HIPPAA Journal), i.e 3.5× better than human scams. December was the budget season. Your team expected renewal of invoices from Zoom, Slack, and Salesforce. Attackers sent those first before the actual vendor could. The New Reality: AI-generated phishing emails have a 54% click-through rate, match human-crafted messages, and outperform generic ones by 350%. What Changed? 🔻Old phishing: Broken English, obvious typos. 😈 New (AI) phishing: Perfect grammar, correct logo, legitimate-looking domain. Example: Real: billing@salesforce.com / Fake: billing@salesforce.co Phishing was the most reported cybercrime in 2024, with 193,407 complaints representing 22.5% of all internet crimes and $70 million in losses (IBM). SMB Risk: One in every 323 emails sent to small businesses is malicious (Invenio IT). An average office worker receives 121 emails/day, meaning high exposure. December Spike: Budget deadlines create urgency. Finance teams approve faster. Attackers exploit year-end chaos... and holiday lethargy. So what should be your defense protocol? ✅ Hover over the sender domain before clicking. ✅ Verify invoice through vendor portal (not email link) & PLEASE call the accounts team directly. ✅ ✅ Last but not the least: Train your team with Resonance Security’s Equalizer, because it could simulate these year-end “Service Suspension” panics, sharpening instincts when they’re most likely to dull. #cybersecurity #phishing

A Bangalore, India-based Software Engineer lost ₹32 Crore ($3.8M) in 6 months, to one fake phone call (that never ended) 📞 🤯 Can you imagine? She was well-educated and was working in tech, yet got scammed?! Here’s the whole story👇

🚨November 2025: Pornhub suffered a major breach, and 200 million Premium users were potentially exposed. The hacker group ShinyHunters is demanding ransom or threatening to leak it all. Meanwhile, MixPanel (the SaaS vendor in question) says… “What breach?” 🤔 Who's lying here? Our Marketing Manager, Rhythm, breaks it down in the simplest way possible, because let's be honest... Nobody... nobody does it better (than him)! 😌 🔗 resonance.security/blog-posts/the…

🤖 When AI does the work, scams scale. Entry-level attackers become enterprise-grade threats. Phishing in 2025 moved through QR codes, AI voice clones, fake logins, and Web3 signatures. 🚨QR-code quishing 🚨AI voice-clone vishing 🚨Pixel-perfect fake logins 🚨Approval traps disguised as routine actions Security only works when it’s built for how attacks actually happen today, not how they used to. That's why we at Resonance Security built: ✅ PhishGuard (coming soon), aka the always-on email-bodyguard for detection. ✅ Equalizer for déjà-vu attacks trained via our phishing simulator. Because they always try again. #cybersecurity

@ilblackdragon @buidl_conf Awesome lineup!

Excited for @buidl_conf in Lisbon Jan 7-8! Join to learn latest on European policy, AI x web3 evolution, privacy and DeFi and how all of this gets implemented into apps. Get your tickets today!

@zachxbt @mlmabc The debt always comes back around. “Live” temporarily to die hard.

This entity deposited ~$5M USDC into LLP around 9 months ago, split across 5 wallets, and received 9,999,999.60 LIT from the airdrop (~$26M) - a perfectly round number. This excludes LLP yield, which adds another $1–2M in returns. This represents 1% of total supply and ~4% of circulating supply. They used 5 different clusters and consistently split the LIT evenly across 5 wallets. Of the 9,999,999.60 LIT (~$26M) received, 2,760,232.88 LIT (~$7.18M) has already been sold since TGE. Check the screenshot for the full wallet list and supporting data. Main wallets used to deposit into LLP: 0x30cD78B301192736b3D6F27Bdad2f56414Eb6164 0x9A6D9826742f1E0893E141fe48defc5D61866caD 0x7c5d228B0EB24Ad293E0894c072718430B07Dfe3 0xc0562d68b7C2B770ED942D28b71Bc5Aa0209bbee 0xfdBf615eC707cA29F8F19B7955EA2719036044bf