Salus

885 posts

@salus_sec

Our research-driven approach tackles the toughest security challenges in Web3 while pioneering innovative ZK solutions.

Joined July 2022
138 Following, 11.4K Followers
Pinned Tweet
Salus @salus_sec
🛡 Salus Security is proud to continue serving as an official @BNBChain Kickstart Program Service Provider. To further support #BNBKickstart builders, we’re offering enhanced security services:
✅ One-time FREE Smart Contract Attack Surface Review
✅ One FREE Security Advisory Session (up to 10 questions)
Security isn't optional. It’s a launch prerequisite.
Apply now → bnbchain.org/en/programs/ki… @BNBCHAIN
Salus @salus_sec
Another signer compromise @StablREuro
StablR’s EURR / USDR significantly depegged
EURR falling to around 0.91
USDR falling to around 0.73
Assume signers will eventually get compromised
Your system should be designed so that even if a signer is taken over, an attacker still cannot instantly mint, upgrade, or drain the entire protocol.
Recommendations:
High-threshold multisig (3-of-5 / 4-of-7)
Geographically distributed signers
Hardware wallet isolation
Regular OPSEC audits
Timelock-delayed execution
Real-time on-chain anomaly monitoring
Minimized mint / upgrade privileges
Automatic pause / freeze on abnormal mint activity
Salus @salus_sec
More than 5,500 GitHub repositories were hit by a large-scale automated supply chain attack through a malicious CI/CD backdoor
Don’t casually update dependencies
Don’t give developer machines excessive privileges
Don’t expose critical credentials to CI/CD
Don’t ignore VS Code extensions and third-party tools
Assume your software supply chain may already be compromised
cybersecuritynews.com/megalodon-malw…
Salus @salus_sec
A high-quality GitHub / npm 0day can cost anywhere from tens to hundreds of thousands of dollars
Meanwhile, a supply chain attack delivered through a malicious VS Code extension can be dramatically cheaper
Compared to expensive 0days, the ROI of supply chain attacks is often far higher.
Assume your upstream tools may already be compromised
GitHub @github

We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.

Salus retweeted
Solv Protocol @SolvProtocol
Solv's Audit Partners help secure the largest on-chain Bitcoin reserve with periodic best practices consulting. We're proud partners of @OpenZeppelin, @salus_sec, @Quantstamp, and more.
Salus @salus_sec
2026
no multisig
no timelock
no mint cap
no realtime monitoring
what could possibly go wrong
DCF GOD @dcfgod

gm @EchoProtocol_ may be hacked on @monad Someone minted 1k ebtc out of nowhere, max borrowed wbtc against it on @Curvance, bridged, and tornado away

Salus @salus_sec
A research team assisted by Claude Mythos bypassed Apple’s MIE system — a security architecture that reportedly cost billions of dollars to build — in just 5 days and with only $35,000 in API costs
In the AI era, the cost of conducting targeted attacks is collapsing
Ordinary people should also be prepared for the possibility of becoming long-term targets
Salus @salus_sec
Real degens use iPhone...
Salus @salus_sec
We’re excited to see that Claude Agent can generate a one-time virtual Visa card based on user instructions and complete payments within a preset spending limit — all without manually entering card details or visiting a checkout page. That’s genuinely impressive. However, prompt injection remains a critical security risk for AI agents. Attackers could potentially manipulate the agent through malicious prompts, tricking it into making unauthorized purchases. Please stay vigilant.
0xMarioNawfal @RoundtableSpace

YOUR CLAUDE AGENT CAN NOW CREATE ONE-TIME VISA CARDS ON DEMAND JUST BY BEING ASKED. AGENTS THAT SPEND MONEY ONLINE WITHOUT EVER TOUCHING YOUR REAL CARD DETAILS. THE AGENTIC PAYMENTS SYSTEM IS HERE.

Salus @salus_sec
iOS crypto users are being targeted by criminal groups using Coruna, a military-grade hacking tool. Coruna was used by a Russian nation-state actor (UNC6353) in watering-hole attacks against Ukraine. Recent infrastructure and sample analysis indicates this toolchain has since surfaced in the hands of malicious actors and is being used to steal crypto wallet assets. This exploit kit first fingerprints the target device to identify its iOS version, then automatically selects a compatible WebKit exploit chain. The trigger conditions are minimal—simply visiting a malicious webpage is enough. Once triggered, the payload attempts to collect wallet-related data by scanning for MetaMask, Phantom, and Trust Wallet, as well as sensitive material stored in Photos, Notes, and QR codes (e.g., private key or seed phrase artifacts). The affected range is iOS 13.0–17.2.1. Updating to the latest iOS release and enabling Lockdown Mode can block the known attack chain.
Salus @salus_sec
Crypto KOL @sillytuna has publicly confirmed they were violently kidnapped and forced to transfer approximately $24M in crypto assets, and announced they are stepping away from the crypto space.
The victim was subjected to kidnapping, threats of sexual assault, and physical violence, and was coerced into transferring approximately $24M in AUSD to the address:
0x6fe0fab2164d8e0d03ad6a628e2af78624060322
Funds were primarily moved to:
0xd0c2C387A7F10CD1FBb1078FaCC834eC43c9dd3E
0xdCA9F78a5740bd19D4652F877B7a10a6Ad3eC9C4
A small portion has already been bridged to Arbitrum. No large-scale mixing activity has been observed yet.
The incident is still under investigation and law enforcement has reportedly intervened.
sillytuna has also announced a 10% bounty for the recovery of the funds and is calling on security teams and on-chain investigators to help track the related fund flows.
Salus retweeted
Solidity @solidity_lang
Solidity v0.8.34 out now. This release fixes a high-severity bug in the IR pipeline affecting versions 0.8.28 through 0.8.33 (`--via-ir`, not enabled by default). If your code does not use both `--via-ir` and delete on a transient state variable, your contract is not affected.
Salus @salus_sec
We’re pleased to announce the successful completion of the security audit for @paythefly. PayTheFly is an Intent-based On-chain Payment Protocol — confirm once for silky-smooth 1-step payments. Wishing the team success in ushering in the new era of effortless Web3 payments! 🚀
Salus retweeted
Prime Vaults @PrimeVaultsHQ
The core of Prime Vaults is built on two pillars: Security and Strategy.
To support a high-performance environment, our codebase has completed independent audits by @salus_sec and @ShieldifySec
Continuous security is what allows Prime Vaults to operate reliably, 24/7
📄 Full audit reports below
Salus @salus_sec
We’re pleased to announce the successful completion of the security audit for permadex.io (PermaDex), the multi-chain trading platform powered by @CodexField. PermaDex is a high-speed, multi-chain trading platform built for clarity, efficiency, and seamless execution across supported networks. Wishing the PermaDex team continued success as they redefine digital trading and scale the future of on-chain markets! 🚀
Salus @salus_sec
We’re pleased to announce the successful completion of the security audit for @PrimeVaultsHQ
Prime Vaults provides smart saving accounts aimed at optimizing returns on BTC, ETH, and USD holdings via cross-chain lending, liquidity provision, and restaking, with strategies informed by Prime AI's analysis.💪
Wishing the Prime Vaults team continued success as they bring smarter, high-yield saving solutions to the DeFi space! 🚀
Salus @salus_sec
We’re excited to announce the successful completion of the security audit for NizaBridge, a key component of the @NizaEcosystem
The NIZA Ecosystem is a multichain DeFi infrastructure with $3M-backed Layer 1 for low-cost, interoperable DeFi, GameFi, AI apps & RWAs via integrated DEX, Perp DEX, Labs & REIT.
Wishing the NIZA team continued success as they build a unified, sustainable financial network for the global blockchain community! 🚀