D13mp1Sec for Security and DIEMPI for Dev

Un maraîcher de 21 ans qui pirate 90 organisations avec une IA : la compétence technique n'est plus la barrière

Circle Developer Grants: Building on Arc and the Circle Developer Platform x.com/i/broadcasts/1…

We're about to go live with @akelani and @jennateeman to discuss the launch of our Circle Developer Grants program. If you're looking for funding, head over to @arc....... NOW

We just added the ability for your agents sign-up for phone numbers and make AI-native phone calls using Circle Agent Stack and USDC. Get your agent a phone number on Twillio and make AI voice-native real-time calls with BlandAI. agents.circle.com

We're live with @Oxcheatcode, founder of @TowerExchange, who's a stablecoin-focused DEX aggregator built on the Arc blockchain over on the @arc handle..... NOW

Arc Builder Spotlight: Tower Exchange - Native Stablecoin DEX Aggregation on Arc x.com/i/broadcasts/1…

@arc Hey Sam and Cheatcode

@arc Let's go

Circle Developer Grant applications are open for builders working on Arc Testnet and the Circle Developer Platform. Join @samconnerone,@jennateeman, and @akelani live on May 22 for a walkthrough of: → What the program supports → What Circle looks for in applicants → Priority use cases across Arc and Circle infrastructure → How the Questbook application process works → Funding, technical guidance, co-marketing, and ecosystem support community.arc.network/public/events/…

Super interesting story that shows how the current state of @github is unable to protect open source maintainers from AI spam at any meaningful scale. @archestra_ai put up a $900 GitHub bounty. AI accounts blew the issue up to 253 comments and proceeded to flood the entire repo with untested PRs. Their fix was a contributor whitelist hack: go through and pass onboarding, then a GitHub Action authors a commit as you so GitHub lets you back in. GitHub needs better anti-bot and anti-spam mechanisms so people don't have to build these types of mechanisms themselves. archestra.ai/blog/only-resp…

Researchers asked us to remove submission limits. So we did. But only for the people serious enough to put skin in the game. Here’s the problem: In fast-moving audit competitions and bug bounty programs, researchers often find multiple valid issues early. But submission limits can force them to wait. And that waiting can cost them. They find the issue first. But can’t submit yet. Someone else reports it before their limit reset, or the project simply fixes it. That changes today. Here’s how it works: On pay-to-submit programs, researchers are no longer blocked by their usual submission caps. Each per-report fee unlocks one report submission, even if the researcher has already hit their limit. Once the payment is confirmed, the report can be submitted. That means: - Hit your 24-hour submission limit? You can still submit. - Have multiple reports under review? You can still submit. - Found multiple valid issues early? Each payment unlocks one submission. No more losing valid findings just because the submission clock had not reset.

“We’re looking for high-caliber teams building real-world financial flows onchain.” Circle Developer Grant applications are now open! @jennateeman and @akelani share details of how with a more focused, milestone-driven approach they plan to support exceptional teams. community.arc.io/public/blogs/c…

We were made aware of a group promoting a way to exploit an event in Arc House. We will track every account associated and have them removed. Thanks

I gave an AI agent USDC to analyze my tweets and audit my X profile. Here’s how you can do the same.

Circle Gateway now supports webhooks. Developers can receive real-time notifications for key lifecycle events like deposits, forwarded messages, and mints directly in their backend, instead of relying on polling. → React to deposit finalized events without constant polling → Trigger backend workflows when state changes happen → Build cleaner event-driven crosschain flows Start building: developers.circle.com/gateway/webhoo…

Make sure to check out the latest post by @bleso_a This is WILD!!!! Let me know how you plan on using the Circle Agent Stack!

‼️🚨 ALARMING: Google now treats privacy as suspicious behavior by default. Users of GrapheneOS, CalyxOS, /e/OS, and other deGoogled Android phones are being locked out of millions of websites unless they install the exact Google Play Services software they deliberately removed. GrapheneOS is recommended by the EFF and used by journalists, lawyers, and activists in high-risk environments. The audience most likely to read Google's data practices and refuse its terms is now flagged as fraudulent for that exact decision. What happened?: ▪️ Google announced "Cloud Fraud Defense" at Cloud Next on April 22-23, 2026, branding it "the next evolution of reCAPTCHA." Existing reCAPTCHA customers were auto-migrated. ▪️ When the system flags traffic as suspicious, the old click-the-bus puzzle is gone. Users get a QR code instead. ▪️ Scanning the QR code requires Google Play Services running on the device. Internet Archive snapshots show this requirement has been live since at least October 2025, silently rolled out for 7 months before anyone noticed. ▪️ No Play Services = no QR scan = locked out. The bigger picture: ▪️ Google already tried this in 2023. It was called Web Environment Integrity (WEI), and it would have let Google decide which devices were "real enough" to access the web. Standards bodies and the public pushed back hard, and Google killed it. Three years later, the same idea is back, just hidden behind a QR code instead of a browser feature. ▪️ reCAPTCHA runs on millions of websites. Every developer who keeps using it is now, by default, telling deGoogled Android users they're not welcome...

🚨 WARNING: The official JDownloader website was compromised earlier this week to distribute malicious Windows and Linux installers that deployed Python-based malware on infected systems. The supply chain attack impacted users who downloaded installers from the site between May 6 and May 7 via the “Download Alternative Installer” links on Windows or the Linux shell installer. What happened: 🔴Attackers breached the JDownloader site via an unpatched security flaw. 🔴Attackers then modified JDownloader download links to point to malicious payloads 🔴The Windows malware deployed a heavily obfuscated Python-based RAT framework @thomasklemenc found that the Windows malware deployed a Python RAT that can execute attacker-supplied Python code remotely. BleepingComputer's analysis of the Linux installer also revealed injected code that downloaded additional malware, installed a SUID-root launcher, and disguised the payload as /usr/libexec/upowerd.

🚨 BREAKING: ShinyHunters defaced Canvas login portals for hundreds of colleges and universities today, replacing them with extortion demands tied to the recent Instructure breach. Sources tell BleepingComputer that the hackers exploited another unpatched vulnerability in Instructure’s systems, allowing them to hijack approximately 330 Canvas portals and display ransom messages to students and staff. What happened: 🔴 Canvas login portals were replaced with ShinyHunters extortion messages 🔴 The messages warned schools to negotiate before May 12 or student data would be leaked 🔴 The defacements also appeared inside the Canvas mobile app The portals were visible for about 30 minutes before being taken offline as Instructure responded to the incident. This follows last week’s breach where ShinyHunters claimed to have stolen 280 million student and staff records tied to thousands of schools using Canvas.

A threat actor is advertising what they claim to be a dataset of 500,000 French crypto users, stolen from Coinbase. Learn more: cnews.link/coinbase-franc…