Malicious code in solidity-deploy-guard (npm)

A coordinated supply-chain attack comprising 10 npm packages published by maintainer ddjidd5640 [email protected] within a 48-hour window 2026-05-19T03:55Z – 2026-05-21T04:31Z. All packages masquerade as legitimate Web3/DeFi developer security tools MCP servers while silently exfiltrating...

1inch partners with Innerworks to strengthen DeFi security through AI-Powered threat detection

London, United Kingdom, 27th October 2025, CyberNewsWire...

[WP-H3] Imprecise management of users' allowance allows the admin of the upgradeable proxy contract to rug users

Lines of code Vulnerability details In the current implementation, when there is a fee on follow or collect, users need to approve to the follow modules or collect module contract, and then the Hub contract can call processFollow and transfer funds from an arbitrary address as the follower...