

Spearbit
2.1K posts

@spearbit
Industry Leading Web3 Security. Request a security review here ➡ https://t.co/gqs2f17Yhd










Arkis has partnered with @spearbit, the security research firm behind reviews for @Morpho, @coinbase and @liquid_col to create the first fully verifiable, tamper-proof digital provenance for institutional smart contracts. @spearbit's sign-off is required before any release reaches production, and anyone can verify it independently. arkis.xyz/blog/arkis-x-s…




Vendors publish their wins. @chrispyprojects, who taught Apex (our AI appsec solution) how to hunt, published its full scorecard against human audits, some costing $500,000+: every critical and high matched, plus live bugs the audits missed. AI security claims should be backed by data. Here's ours, with something waiting there for your codebase: cantina.review/agentic-securi…





We’ve detected that @GitHub has been compromised by TeamPCP. A poisoned VS Code extension on an employee device. ~3,800 internal repos exfiltrated. Data already on a black forum for $50K. The technical vulnerability is two words: "runOn": "folderOpen" in a .vscode/tasks.json. Cursor plays with Workspace Trust OFF by default. Open the folder, the task fires. Same group hit @Tan_Stack, @OpenAI, @Microsoft, and Nx in the prior 3 weeks. Same blind spot in every IDE-scanning security stack. What a time for cybersecurity! Full breakdown: cantina.review/github




$500,000 to @rileyholterhus through Cantina Bounties. 🪐 The researchers who consistently find the bugs that matter don't chase volume. They follow programs where scope is tight, triage is fast, and rewards match actual impact. Well done, Riley!




