the grugq's newsletter

April 1, 2026

echidna and medusa fuzz smart contracts against properties you define. Complex state transitions, edge cases in arithmetic. Fuzzing finds what reading misses. https://t.co/MQtZYBf72d https://t.co/Kwige6x94F

— Trail of Bits (@trailofbits) April 1, 2026



crytic/echidna (3,095 stars, Haskell) Ethereum smart contract fuzzer

source: Trail of Bits (@trailofbits)


crytic/medusa (466 stars, Go) Parallelized, coverage-guided, mutational Solidity smart contract fuzzing, powered by go-ethereum

source: Trail of Bits (@trailofbits)


slither runs 90+ detectors on Solidity in seconds. Reentrancy, access control, storage collisions. First thing to run on any challenge contract. https://t.co/n2S7jh07vy

— Trail of Bits (@trailofbits) April 1, 2026



crytic/slither (6,187 stars, Python) Static Analyzer for Solidity and Vyper

source: Trail of Bits (@trailofbits)


If you're competing in the @Wonderland CTF later today, these are the most common open-source tools we use to review contracts in production. 🧵

— Trail of Bits (@trailofbits) April 1, 2026


pic.twitter.com/mG7Aqdn2bC

— LoisAceLane (@LoisAceLane) March 31, 2026


New: We obtained phone calls between Russian Foreign Minister Sergei Lavrov and Hungarian Foreign Minister Péter Szijjártó showing them conspiring to lift EU sanctions on Russia -- from oligarchs to banks to the shadow fleet. Full story with consortium partners at @InsiderEng:…

— Michael Weiss (@michaeldweiss) March 31, 2026

Kremlin hotline: Hungary colluded with Russia to delist sanctioned oligarchs, companies and banks — The Insider

A hotline between Hungarian Foreign Minister Péter Szijjártó and Russian Foreign Minister Sergey Lavrov gave Moscow strategic information on critical EU…


pic.twitter.com/WJsv73LUFm

— vx-underground (@vxunderground) March 31, 2026


This talk discusses just this https://t.co/keKBpniMuX

— Tarjei Mandt (@kernelpool) March 31, 2026


Nicholas Carlini - Black-hat LLMs | [un]prompted 2026 — unprompted

source: Tarjei Mandt (@kernelpool)


Pete Hegseth is so spectacularly stupid that he used his insider knowledge of a strike on Iran to attempt a multimillion-dollar trade that LOST money https://t.co/1n6XvYfKAv pic.twitter.com/GRBeHMxQIH

— Ali (@haramcart) March 30, 2026


RCE in Ghidra: My fav bugs target security tools.

In CVE-2026-4946, you can embed these into your binary, analyst loads binary, Ghidra auto-generates the comments, analyst clicks on it, command executes.

Write-up: https://t.co/5tkmTI89AK pic.twitter.com/n5YKGsGRmH

— solst/ICE of Astarte (@IceSolst) March 30, 2026

CVE-2026-4946 :: AHA!

CVE-2026-4946: NSA Ghidra Auto-Analysis Annotation Command Execution A malicious binary can trigger arbitrary command execution in Ghidra when an analyst clicks on auto-generated comments. AHA! has discovered an issue with Ghidra from the National Security Agency (NSA), and is publishing this disclosure in accordance with AHA!’s standard disclosure policy today, on March 25, 2026. CVE-2026-4946 has been assigned to this issue, based on the original vulnerability disclosure GHSA-mc3p-mq2p-xw6v an...


🚨 ZERODAY: ImageMagick 🚨

Our autonomous pentester https://t.co/6oiPiGEdVs just dropped multiple zeroday chains in ImageMagick that achieve RCE and File Leak from a single .jpg or .pdf file, bypassing EVERY security policy (Default, Limited, AND Secure). 🤯

💥 Affects… pic.twitter.com/8DNL4ciEu9

— pwn.ai (@pwn_ai) March 30, 2026

pwn.ai | Autonomous Penetration Testing Platform | AI Pentest with Exploit Proof

AI-powered penetration testing that finds real vulnerabilities and delivers working exploits. Deploy in minutes, get audit-ready reports in hours.

ImageMagick: From Arbitrary File Read to File Write In Every Policy | PWN.AI Security Research

How pwn.ai turned a routine client pentest into multiple ImageMagick exploits. By autonomously researching the product’s internals for days, it found a path from a single image upload to file leaks, security policy bypasses, and remote code execution across a wide range of default and real-world configurations.


Luckily for the FSB, people don't have to meet face to face with officials. They can do it online.

👀 SIS's Instagram has been quite good at pushing Silent Courier, a dark web portal allowing remote contact, unveiled last year. https://t.co/q6czipcat8 pic.twitter.com/7PvbburaN0

— Dr. Dan Lomas (@Sandbagger_01) March 30, 2026


Apple (copied BlockBlock 👀) and added ClickFix protections… but kept the good stuff private 😤

Reversed xprotectd to see how it really works and emerged with enough detail to build your own (kinda)!

Read: No Paste for You! https://t.co/hoWodAY53h

— Patrick Wardle (@patrickwardle) March 31, 2026

Objective-See's Blog

Reverse Engineering Apple's ClickFix Protections


Ok this is extremely funny pic.twitter.com/HeFF33F1j1

— Susannah Black Roberts (@suzania) March 31, 2026


⚠️ Supply chain attack in progress: someone is squatting Anthropic-internal npm package names targeting people trying to compile the leaked Claude Code source.

`color-diff-napi` and `modifiers-napi` — both registered today, same person, disposable email. Do NOT install them. 🧵

— Clément Dumas (@Butanium_) March 31, 2026


Regrettably Iran’s commitment to the tenets of Islam means they cannot deploy the most destructive anti Marine weapon - the high interest financing plan https://t.co/WXemN1xnYp

— Gayest Tone (@gayest_tone) March 31, 2026


https://t.co/MIB5itJQdw pic.twitter.com/6dNuXA655f

— h0mbre (@h0mbre_) March 31, 2026


FreeBSD, the kernel nobody thinks about until it's time to demonstrate what it looks like to attack something that skipped out on the last 20 years of modern defenses.

— Brad Spengler (@spendergrsec) March 31, 2026


I dunno. A big part of research is developing good instincts on where to look and sink stupid amounts of time. AI doesn't have that problem, it can just look everywhere, so shallow bugs are easy to shake out. AI obviously has the breadth, but how deep can it go and how many weird…

— Tavis Ormandy (@taviso) March 31, 2026


We are still looking at the axios supply chain compromise, but we’ve attributed it to UNC1069, a suspected DPRK actor, who we covered in a blog this February. They are financially-motivated and historically DPRK uses these incidents to target crypto. https://t.co/RIeOp14UNU

— John Hultquist (@JohnHultquist) March 31, 2026

UNC1069 Targets Cryptocurrency Sector with New Tooling and AI-Enabled Social Engineering | Google Cloud Blog

North Korean threat actors target the cryptocurrency industry using AI-enabled social engineering such as deepfakes, and ClickFix.


Ok I just want to add one thing.

Folks, for state actors, the value of having a quantum computer is massively higher if you DON’T tell people you have a quantum computer.

Exploiting Bitcoin is a parlor trick. Exploiting the world’s communications is where the value is at.

— Matthew Green (@matthew_d_green) March 31, 2026


How to find a $65,000 zero-day in Chrome V8:

Meet @eternalsakura13, researcher at Zellic.
- Top 3 Chrome VRP 2022–2024
- Top 2 Facebook whitehat in 2023
- Top 10 MSRC MVR in 2025

Here’s a walk through the mind of one of the world’s best Chrome researchers. Can you follow along? pic.twitter.com/Qcgqq5fZ0X

— Zellic (@zellic_io) March 30, 2026


"On the kernel security list we've seen a huge bump of reports. We were between 2 and 3 per week maybe two years ago, then reached probably 10 a week over the last year [...] and now since the beginning of the year we're around 5-10 per day [...]" https://t.co/G8ngIqPJKI

— Brad Spengler (@spendergrsec) March 31, 2026

https://lwn.net/Articles/1065620/


Intel SGX has fallen! Its most important key is in our hands: we extracted the Global Wrapping Key from an instance of the Intel Gemini Lake platform pic.twitter.com/cnpGtoYJa5

— Mark Ermolov (@_markel___) March 31, 2026


Google's Threat Intelligence Group has attributed the Axios supply chain attack to North Korean-nexus group UNC1069

— vxdb (@vxdb) March 31, 2026


MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)

To our knowledge, this is the first remote kernel exploit both discovered and exploited by an AI. https://t.co/Cv8M69i1Mk

— Calif (@calif_io) March 31, 2026

https://blog.calif.io/p/mad-bugs-claude-wrote-a-full-freebsd


I honestly think we're at "L0pht is testifying at the Senate" levels of fucked. LLMs finding vulns has gone from possible to trivial RAPIDLY and the use of generic coding agents is currently the lower bound!! The security industry is not at all ready for the reality of today. 🫠 https://t.co/86Zzirtmt9

— Aaron Grattafiori (@dyn___) March 30, 2026


Tom Ptacek posted a great writeup titled "Vulnerability Research Is Cooked", covering the state of vulndev and its rapidly accelerating future: https://t.co/OL2k2eV9v2

— HD Moore (@hdmoore) March 30, 2026

https://sockpuppet.org/blog/2026/03/30/vulnerability-research-is-cooked/


NEW VIDEO: This week we look into a lesser known team/taskforce from 2003-2004 that NSA created to spy/perform financial intelligence on North Korea, with some very interesting outcomes... NSA's CRASH team. https://t.co/arhiGER9y1

— Spy Collection (@SpyCollection1) March 30, 2026


NSA's Secret CRASH Team Targeting North Korean Financial Transactions — Spy Collection

source: Spy Collection (@SpyCollection1)


🧵 The axios @npmjs compromise dropped a @macOS backdoor that closely mirrors North Korea's (@DPRK) recent WAVESHAPER backdoor. Let's take a quick look at the full intrusion:

— DefSecSentinel (@DefSecSentinel) March 31, 2026


Phrack call for papers is out! Check out the cool demoscene graphics at https://t.co/Beh3tzduYr pic.twitter.com/cWtkeC89PA

— Chris Wysopal (@WeldPond) March 30, 2026

http://phrack.org


We asked Claude to find a bug in Vim. It found an RCE. Just open a file, and you’re owned. We joked: fine, we’ll switch to Emacs. Then Claude found an RCE there too.

Full story: https://t.co/7UL9suKs8r

— thaidn (@XorNinja) March 30, 2026

https://blog.calif.io/p/mad-bugs-vim-vs-emacs-vs-claude

