Joined August 2020
how long does it take nowadays for a hackerone triager to look at a report?
This is becoming stupid. Just tried to submit a bug and says pay $100. If it’s a duplicate you don’t get your money back??? What are we doing. In contests it makes sense that duplicate rewards get paid. But this is just insanity.
Just shipped on Immunefi: Priority Mediation.
For a while now, security researchers have been telling us the same thing: when you've put real work into a report and you believe in it, waiting weeks for a mediator to pick it up is brutal.
Priority Mediation now lets researchers who are confident in their submission pay to get faster resolution with a hard commitment: resolution within 30 business days, mediator status updates at least every 7 business days along the way.
A couple things I want to be explicit about, because they matter:
1) Free mediation requests are reviewed by the same trained mediators, using the exact same decision framework.
2) The tier you choose affects the queue, not the verdict. A paid mediation does not buy you a favorable outcome. It buys you speed and additional hands-on activity. Every case gets the same impartial review, full stop. If we ever blurred that line, the whole system would be worthless.
This is one of several changes we're shipping based on direct researcher feedback. Keep it coming so we can usher in SR Summer.
So.. work with us so we can train Ai to replace you better??

Was a frequent user, biggest issue was the people solving problems started using AI rather than actually solving the questions right. Immediately stopped paying since I could use chatgpt to get the same response. If only they enforced no ai answers. Could have survived.
🚨Chegg $CHGG is now down 99% from its peak because AI has killed its business entirely. Chegg was a $14.7 billion edtech company that charged students $20 a month for homework answers from a database of 79 million solutions built over a decade. Then ChatGPT launched in November 2022. Five months later Chegg's CEO admitted it was destroying their business. The stock dropped 48% in a single day. Revenue dropped 49% by Q4 2025. Subscribers collapsed from 5 million to under 3 million. The company fired 67% of its staff in two rounds last year and shut down all US and Canada offices. AI does the same thing instantly for free and explains the concept behind it. It went from $14.7 billion marketcap to $114 million in 39 months. The first company to be officially killed by AI.
Seems the new exploit path being used by threat actors is social engineering. What do we do?
So stupid, OpenSea would literally pay 3 million for a bug that can do that if it is in seaport
blackhat is selling an alleged 0-day critical severity opensea vulnerability that allows for force transfer of NFTs for 0 ETH
lol got 2nd in a code4rena audit.
WOW. opus 4.5 i am in love lol
11 Nov 2025
switched to openrouter and wow, the ease of use is insaneee
28 Oct 2025
Built x402Create. Create nft collections and have users mint using x402. @opensea Seadrop native. It uses a selfhosted facilitator to perform transaction fulfilment. @chrismaddern what do you think? github.com/agentjacker/x402c…
28 Oct 2025
this actually took a lot of reverse engineering of how OpenSea's seadrop works so proud of that. nice to see my hacking skills pay off
28 Oct 2025
I won’t be surprised if most of the “ai” auditors are basically a modified version of hound by @muellerberndt 🤷‍♂️
Sherlock AI reported a Critical vulnerability in the @40acresFinance protocol. The 40acres team generously allowed us to share the details publicly so others can learn from the finding.
Here’s how the vulnerability worked:
First, veNFTs are a special type of vote-escrowed ERC721 tokens that earn weekly rewards. 40acres gives veNFT holders instant access to loans based on their veNFT’s future revenue. Each borrower’s veNFT sits inside a personal PortfolioAccount that routes functionality through modular “facets” using the diamond proxy pattern.
The exploit allows an attacker to reclaim their collateral (veNFT) from their PortfolioAccount without repaying the loan.
Check out the aerodromeVote() function below. 40acres has a very cool feature that allows borrowers to vote with their veNFTs held as collateral in 40acres.
The function has the following problem: The loanContract address is not validated, allowing a malicious user to specify an arbitrary contract. This contract could be approved to control the veNFT in the PortfolioAccount, enabling its transfer during the vote() call in the malicious loanContract.
Attack Steps
1) Attacker deploys a malicious contract that implements ILoan.vote(uint256) to call transferFrom/safeTransferFrom to transfer the approved veNFT.
2) Attacker calls portfolioAccount.aerodromeVote(maliciousContract, tokenId). The portfolio fallback delegates to the facet, which lacks input validation and calls maliciousContract.vote(tokenId) and transfers the veNFT back to the attacker, even though the loan has not been repaid.
Note: The repetition of the bug causes the lending pool to be drained - doing it once is just taking a loan & stealing your veNFT back.
Impact
Unbacked loans across the system. Any borrower can reclaim their own collateral mid-loan, leading to full insolvency of the lending pool.
Acknowledgements
Thank you to @defsec_, @vinica_boy, and @onthehunt11_ for helping with this writeup.
Important to know: The 40acres team discovered the bug and applied a fix prior to launch
Detected by Sherlock AI
You can see the original issue as generated by Sherlock AI in the next tweet. The run took 3 hours 59 minutes from start to finish.
Sherlock AI brings security to the development process, scanning commits and call paths early, surfacing high-impact flaws fast, and giving auditors clearer visibility into complex systems. In practice, that means issues like this can be caught and resolved long before audits, bounties, or deployment. Try Sherlock AI for your protocol today.
21 Oct 2025
i have claude pro and i am being limited to 5 chats????
Found a nice web3 wallet zero day, actually cool stuff
Blowing my mind how @jack bitchat is going to be useful. Also why is the gov so interested in people's chats. If the countries in EU had their own currencies I doubt the countries would be interested in people’s shit
3 Oct 2025
We are alarmed by reports that Germany is on the verge of a catastrophic about-face, reversing its longstanding and principled opposition to the EU’s Chat Control proposal which, if passed, could spell the end of the right to privacy in Europe. signal.org/blog/pdfs/germany…
didn't get into ycombinator this fall but we keep on building.
So pissed cus they took the fucking light when I was about finishing this hackathon. My idea was actually cooler but I guess next time 😂
2 Sep 2025
shapecraft² results are in! the judges have scored the submissions. so many great community projects! but some clearly stand out as the winners…
26 Jul 2025
lol no way. Genuinely imagine using your avatar to verify you're human and age and all this is provable with a zkp. Saves companies from leaking user images as well
anyways here's me verifying an account using Batista in WWE 2K25
30 May 2025
i feel when you're making an ai startup you have to raise fast or get eaten out by the top competitors. Does anyone have any thoughts on this?
28 Feb 2025
Zero point of this take tho! They made over half a billion dollars and I don’t think they even raised vc. Imo a great win for them.