A working RoguePlanet exploit gives any local user SYSTEM on a fully patched Windows 10 or 11, and Microsoft has no patch out for it. It is the seventh Windows Defender zero-day this researcher has dropped since April, and earlier ones are already in live intrusion chains. For most teams this is a privilege-escalation problem. For a digital asset team, SYSTEM on a developer laptop is the wallet signing key, the RPC secret, and the exchange API credential that machine has ever loaded, plus every browser session still authenticated to a custody dashboard. The exploit needs local access first, which is exactly what the phishing, malvertising, and trojanised dev tools in this week's news are built to deliver. A SYSTEM shell on the right laptop is a custody incident with extra steps. DLTA maps which endpoints can reach signing and custody infrastructure, before a local foothold becomes a withdrawal. #Web3Security #CTI #ZeroDay #DigitalAssets

Humanity Protocol lost $30M because seven private keys sat on one developer laptop. The admin hot wallet key, three ETH Safe owner keys, and three BSC Safe owner keys were backed up to the same machine during mainnet launch in June 2025. A 3-of-N multisig is arithmetic theatre when N signers share a hard drive. The malware that took the laptop took the protocol, a full year after the keys landed there. Off-chain key hygiene is the asset inventory nobody runs: which machines have ever touched a signer key, rather than which machines hold one today. DLTA maps that off-chain exposure for digital asset teams, at the maturity level they actually operate at. #Web3Security #CTI #DigitalAssets #KeyManagement

A dust-sized WETH transfer turned into a pool-draining exploit on Flooring Protocol overnight, and the attacker used it to mint CryptoPunks and BAYC before dumping them straight into open bids. Yuga Labs ran a whitehat operation to rescue dozens of the at-risk NFTs. The rescue worked because every move was on-chain and public; defenders could watch the mempool and out-mint the attacker in the same arena. The off-chain version of this exploit has no arena. The same pool-draining logic against a custody API, an RPC signing service, or a CI deploy pipeline drains in private, with no mempool to race in and no whitehat watching the block. For a digital asset team, the signing infrastructure and deploy keys behind the contract sit on a web2 host that rarely makes the asset inventory, and that is where the quiet version of this exploit lands. DLTA maps that off-chain exposure to the controls a team needs at its real maturity level, before the next exploit picks the quiet path. #Web3Security #CTI #DigitalAssets #DeFi

The developer workstation was the common target across four separate security stories today. A fake Claude Code installer dropping a credential stealer. A worm firing from an npm preinstall script before code review runs. An AI-assembled ransomware toolkit reportedly built in Cursor. A one-click exploit lifting GitHub OAuth tokens. Each one lands on the build pipeline and the laptop, upstream of any production host. For digital asset teams that same laptop holds wallet signing keys, RPC secrets, and custody API credentials. The dependency you pulled this morning has a path to the transaction you sign this afternoon. DLTA maps developer-side exposure to the custody and validator infrastructure it reaches. #CTI #Web3Security #SupplyChain #DigitalAssets

Coding agents now surface smart contract vulnerabilities faster than the teams shipping those contracts can review them. An attacker runs that agent against every deployed protocol at once; a defender runs it against one codebase before launch. This does not stay on-chain. The same agents read CI/CD configs, exposed RPC endpoints, and deployment keys, and the cheapest route to a protocol's treasury is often the web2 host holding its signing infrastructure. Audits priced for a quarterly cycle do not survive an adversary iterating in minutes. DLTA tracks that exposure off-chain, mapping the controls a digital asset team needs to its real maturity. #DeFi #SmartContractSecurity #Web3Security #CTI

This weekend, attackers reset Instagram accounts by spoofing a location to Meta's AI support bot and asking it to drop MFA. One of the hijacked accounts belonged to the Obama White House. The assistant wired into account recovery had quietly become the authentication authority, and nobody scoped it as one. Every support chatbot, KYC helper, and wallet-recovery agent now sits on that same boundary, one prompt away from the session tokens, password resets, and MFA toggles it was given to be helpful with. For a crypto exchange or custodian, the support bot that handles a locked-out user is the same surface that can release an account holding real funds. DLTA maps the intelligence-to-control loop for that boundary, at the maturity level the client is actually at, before the helpful agent becomes the initial-access vector. DLTA.co.uk #AISecurity #Web3Security #CTI #ThreatIntel

Four security incidents this week, one shared failure: the control that was supposed to decide who gets in stopped deciding. Palo Alto’s GlobalProtect gateway let attackers bypass authentication and reach the internal network. A published one-click RCE in self-hosted Flowise surrenders the cloud IAM roles and wallet API keys wired into the agent. A MiCA-licensed stablecoin issuer was drained while its paperwork still read compliant. On-chain, cross-chain bridges still account for 42% of losses because a single verifier keeps approving forged withdrawal messages. The web2 perimeter and the web3 signing path fail for the same reason: an authorization check that trusts whoever calls it first. DLTA maps that gap to the control at your current maturity level, not to a compliance checkbox. #CTI #Web3Security #ThreatIntel #DigitalAssets

First white-hat exploit on Ethereum: I unlocked 1,003.62 Ξ ($2,000,000) trapped in a 2016 ICO smart contract for 9 years. The 48 original investors can now claim their funds.

500 followers 🍻

Anthropic's Claude Mythos found more than 10,000 high and critical zero-days in its first month, and it did the finding autonomously. The model runs an agentic harness with minimal human steering, locates the flaws in open and closed source, and in many cases writes the working proof-of-concept exploit itself. Access sits inside Project Glasswing, a closed consortium of AWS, Apple, Google, Microsoft, Nvidia, JPMorgan, and around forty other critical-software operators. Anthropic puts the public arrival at weeks away and expects comparable capability to reach other labs, including ones without a consortium, within twelve to eighteen months. For a digital asset firm the consequence is a patch window that keeps shrinking while the same automated discovery lands eventually on the adversary side. The exposure that matters is the unpatched RPC node, the bridge relayer, the custody signing host, and the CI runner that never made the asset inventory. DLTA maps the intelligence-to-control loop for that surface, at the maturity level the client is actually at, before autonomous discovery becomes symmetrical. #ThreatIntel #Web3Security #CTI #AISecurity

Every defender decision worth making this week was quietly automated by a vendor. Google launched a stack that triages, scans, and patches; Microsoft silently fixed a password-spray bypass and skipped the advisory; an npm package exfiltrated Claude's /mnt/user-data while developer agents wrote the import; Censys found 12,520 MCP servers running open on the public internet. The pattern: judgement removed from the defender, handed to an agent, run against production. For a digital asset firm, each of those agents terminates at validator keys, custody signing flows, bridge relayer endpoints, and exchange admin sessions, because the platform stack does not draw a line between the application layer and the trust layer. The new attack surface is the boundary where the agent is allowed to decide. DLTA maps the intelligence-to-control loop for that boundary, because asset inventories were never built to list it. #AISecurity #Web3Security #CTI #ThreatIntel

The OpenZeppelin co-founder just told his own family to exit Aave, MakerDAO and Compound. Coding agents now find bugs faster than humans can patch them, and one missed bug ends a protocol. Defenders have to fix every flaw before launch. Attackers need to find one, ever, including in code that has been live and audited for years. Frontier AI compresses that one-flaw search to roughly $1.22 of compute per contract. The fork is whether protocols move from friction-based defence (multisig timelocks, audit signoffs) toward hard barriers like formal verification and architectures that survive a single component compromise. DLTA maps that intelligence-to-control loop for the digital asset firms watching their trust stack come up against an opponent that costs less to run than a coffee. #Web3Security #DeFiSecurity #AISecurity #CTI

Five incidents in the last 72 hours all weaponised something a developer was supposed to trust by default. TrapDoor is planting .cursorrules and CLAUDE.md inside malicious npm, PyPI, and Crates.io packages so the developer's own AI assistant runs the "security scan" that exfiltrates the secrets. Megalodon authenticated as 5,500 real developers using tokens still live in their CI environments and pushed malicious commits under their identities. A third-party SquidRouterModule drained $3.2M from 86 Gnosis Safes on Base and Ethereum because the contract was verified under a name the Safe owners already trusted. Microsoft pulled the entire GitHub account of a researcher disclosing CVEs the same vendor was responsible for patching. The DFIR Report tracked a React2Shell mass-exploitation pipeline using an AI coding agent as its operator-side harness against 900 successful targets. The pattern sits one layer up from the individual incidents. The AI assistant, the CI credentials, the multisig module, the bug-bounty platform, and the agent harness all sit on the trust surface a digital asset firm assumes is on its side, and each of them is the entry point this week to the validator keys, custody signing flows, bridge relayer secrets, and exchange admin sessions on the same workstations and in the same vaults. DLTA maps that intelligence-to-control loop for the trust surface that asset inventories never list as attack surface. #SupplyChainSecurity #Web3Security #CTI #ThreatIntel

A CVSS 10 in Cisco Secure Workload, a directory traversal in Trend Micro Apex One, and a Polymarket drain through an internal operations wallet all landed inside one 24-hour window. All three failed at the management layer. Secure Workload exists to enforce segmentation; Apex One is the endpoint agent; the Polymarket account was, by its operator's own description, for internal operations. Attackers now move through the console, the security agent, and the operational account, because those are the components every other system trusts by default. For a digital asset firm, the management layer is where it administers validator keys, RPC credentials, and custody signing flows. DLTA maps the intelligence-to-control loop for that layer, the one most asset inventories never list as attack surface. #CTI #Web3Security #ThreatIntel