ℭ𝔦𝔭𝔥𝔢𝔯

ANTHROPIC HAS RELEASED OPUS 4.7!! i asked claude opus 4.7 to refactor a large codebase. 68 minutes, millions of tokens burned - it finished nothing worked. app completely broken but god it was beautiful

Hey @AnthropicAI let's go toe to toe I bet $100,000 my agent finds more valid Critical/High/Medium total smart contract vulns than Mythos, 1 run each I'm a small boii here in web3 security, your "scary" agent wouldn't be afraid of mine, no? Serious bet. Tag anyone, I'm ready.

Done switching tabs between ESPN, your sportsbook, Polymarket & Kalshi every big play? Stratos Sports: live scores, betting lines & real-time Polymarket + Kalshi on ONE screen. Prototype live: stratos-sports.vercel.app No signup. Try it & tell us what to build next 👀

i really just wish websites let me query anything for a cent or whatever instead of wasting all my time with browser agents to get around bot guards

you can (and should) watch @big_tech_sux's talk here: youtube.com/live/4mRHvbNbx…

it's a remarkable milestone for anyone working on compilers and smart contract security: Vyper is set to become the _first_ formally verified smart contract compiler, effectively allowing you to mathematically prove that the entire compilation pipeline preserves the contract logic _and_ to prove that the contract logic itself is correct. Oh, and the cool thing is, my snekmate math functions have been formally verified :D. 🐍💙

Kalshi wants to get more young women interested in the prediction-market platform, looking to expand beyond sports and its core male customer base. on.wsj.com/3N37GDl

@j0hnwang I would definitely be interested in attending

Got a few extra invites for Kalshi Conference end of this month in NYC prioritizing MMs, traders, and institutions. DM me

I just scored 1,350 (rank #101) on CheetCode CTF — 10 problems, 45 seconds. Think your agent can beat it? 🔥 x.com/CalebPeffer/st…

@bax1337 @tayvano_ Same

@tayvano_ Uh the reassurance I got from knowing you were there keeping it safe/secure/private is literally the only reason I use that wallet.

Well I just learned the MetaMask offboarding process is the most MetaMask thing in the entire world 😅 I’m so sorry to everyone I was mid-convo with Also, I’m not going anywhere From now, I will just scream FUCKIN’ METAMASK with you. Instead of defending the indefensible. 💖

The quoted post is actually a cool live Contagious Interview DPRK 🇰🇵Gitlab repo that deserves more attention and more context! Malware for MacOS, Windows and Linux 🧵IOCs in post #1 - Delivery ref: opensourcemalware.com/blog/contagiou… Created Jan 21th, posing as a fake "Real Estate Rental Platform" link: /gitlab.com/real-estate-review3/real-estate-demo Full repo backup here: a9edb291d912638f9652b2c8c982b7c6b289b0434fb467e0a515dccec68653e0 User - davidaheld.manager@gmail.com We can easily spot the malicious curl requests depending on the OS, prepared to run on MacOS, Windows and Linux. Payloads hosted in vscode-load[.]onrender[.]com, to see them while they are live please use a Curl User-Agent, any way I saved them all #2 - Windows #OtterCookie Detonation here: app.any.run/tasks/b4907c5b… On Windows, a script hosted on vscode-load[.]onrender[.]com/settings/windows?flag=9 creates file "vscode-bootstrap.cmd" - c40ccf9bed5ceaab36d59e529f17a9b424c037649026db0ffe963c23fd586d19 Content hosted on vscode-load[.]onrender[.]com/settings/bootstrap?flag=9 - c226eb59cf696a85ed7134b57f12d82cb392d42b908dd6a463cd4d8c980ee5e8 This second script installs NodeJS via powershell and uses it to install dependencies (axios) used to run the malware, hosted on vscode-load[.]onrender[.]com/settings/package - b12a4325fe5af59d64ca617df254841d16f1e5250acd24be518971bce93637ff and also fetch https://vscode-load[.]onrender[.]com/settings/env?flag=9 - 40990ab0b482a780456e75609ebee3b883f912d75811f9f0dfb022ccdd862f9f that will fetch the malicious obfuscated JavaScript from ip-api-check-gold[.]vercel[.]app/icons/709 (you can fetch via curl with custom header "bearrtoken: logo")- dbdfe6e24e5c0fa78ae174877cdae7d49b24da529bda78af9a6468a2453f189b This malicious JS connects the infected machine to the OtterCookie C2: System info and credentials send to hxxp://144.172.116.80:8085/upload Computer files upload to hxxp://144.172.116.80:8086/upload API client comunication sent to hxxp://144.172.116.80:8087/api/log hxxp://144.172.116.80:8087/api/notify Also a websocket pipeline is opened here hxxp://144.172.116.80:8087/socket.io/* The build decodes data from browsers using Windows DPAPI for the current user and starts a loop to read clipboard content #3 - MacOS & Linux @txhaflaire For ref: jamf.com/blog/threat-ac… On MacOS, a bash script hosted on vscode-load[.]onrender[.]com/settings/mac?flag=9 - 6be45e165de60b61e9b7cb9e1f9b72c652c388a04c02d2068de6188cc88fc3fe On Linux a bash script hosted on vscode-load[.]onrender[.]com/settings/linux?flag=9 -f03af0598d13d868580527299f5caad51b3d50cd3d655bd810aaaf90bef21f0a Both creating a file "vscode-bootstrap sh", content hosted on vscode-load[.]onrender[.]com/settings/bootstraplinux?flag=9 - 60914b8df5b5d64070f71ef13817499b3a85de98433ae5c01bd235abec9464f6 The overall functionality is the same than on windows, loading and executing the same JS code. Feel free to check!

> be a lazy dev > let LLM analyse an Etherscan verified contract > LLM has code execution capabilities > LLM listens to the instructions part of the verified source code comments > get rekt The future is full of prompt injection attacks. Looking forward to 2026. ps: this is an illustrative contract I wrote without fancy obfuscation, so pls don't get too much inspired ;)

@benln Definitely building over the holidays

Who's building over the holidays? Will add you to a group chat I started on X.

@​mux/ai + Workflow DevKit makes AI video generation simple and durable.

Lastly, if they hack your telegram, you need to TELL EVERYONE ASAP. "You" are about hack your friends. Please put your pride aside and SCREAM abt it. And if you need help with any of this SEAL-911 (@_SEAL_Org) is here for you. Message us 24/7: t.me/seal_911_bot

We will be hosting a roundtable on Dec. 16 to discuss Rule 611 of Regulation NMS and other associated rules and regulatory requirements. A livestream will be available on SEC.gov. See details on agenda, panelists, and registration info: sec.gov/newsroom/meeti…

Huge congratulations to @RussianPanda9xx on winning SANS Difference Makers 2025 – Practitioner of the Year (Cyber Defense) 🎉

It's time to build the US Tech Force. 🇺🇸

Introducing Enterprise /search 🔍 For enterprises we've added new features and privacy controls to our Search API including: - New Anon and Zero Data Retention modes - Skip job logging flag - Full control over data handling and compliance Get in touch to enable it today 👇

@OfficialLoganK I would like to test early

Reply here or DM me :) will add folks in as much as we can

Big upgrade to vibe coding in @GoogleAIStudio lands in Jan, but if you want to test early… 👇🏻