Cybercriminals are now hiding malware in Ethereum smart contracts, sneaking it into code libraries. Experts say they’ve never seen this before: attackers are bypassing npm protections and improving fast.

Hackers don’t sleep, which means cybersecurity has to move even faster.

Interested in the dark web but got no idea how to explore?

We got you fam.

https://open.substack.com/pub/investigator515/p/lights-on-hazards-off-safely-exploring

Cybersecurity Insights made the list of Podcasts for Thought Leaders You Should Listen To in 2026!

Full list: https://www.thinkers360.com/125-podcasts-from-thinkers360-thought-leaders-you-should-listen-to-in-2026/

Cybersecurity Insights covers strategic aspects of cyber risk management, emerging risks, and chat with industry leaders to dive into the most interesting cybersecurity challenges, perspectives, and best practices.

Subscribe:
https://www.youtube.com/CybersecurityInsights

🥸Phishing is old news. Today attackers pose as remote workers using AI-made CVs, deepfakes in interviews, even passing probation. The goal: keys and internal systems. In August alone, over 320 cases of North Korean agents infiltrating companies as IT staff were reported.

Strong walls mean nothing if the enemy walks through the front door disguised as trust.

🚫 ScamSniffer warning: Searching DeFi sites on Google is like playing Russian roulette with your wallet.
Scam ads for Aave, PancakeSwap, Pendle, and more often appear right at the top of search results.
One wrong click — and your wallet gets drained.
Stick to direct links or trusted sources. In crypto, shortcuts can be expensive.

The CrowdStrike Post Incident Review tries to assure customers that their quality assurance is robust.
Check out the full review: https://www.youtube.com/watch?v=wlBJBbkVkmc

"DNSSEC was enabled for their domain, when the attackers attempted to flip their nameservers, presumably to effect some manner of phishing or malware injection attack, DNSSEC-aware resolvers (which most are these days) began dropping queries. This is as it should be, and it demonstrated the value of DNSSEC-signing your domains."

https://easydns.com/blog/2026/04/18/we-screwed-up-and-we-own-it-the-eth-limo-shtshow-is-on-us/

solana Co-Founder Raj Gokal Targeted in Cyberattack
Raj Gokal was hit with a double breach—a Coinbase data leak and a hack of rapper Migos’ Instagram account. Hackers posted Gokal’s ID and family photos, demanding 40 BTC in ransom.
The Migos account has since been restored. Raj confirmed that attackers also attempted to compromise his email, Apple, Google, and social accounts.
Cybersecurity in Web3 remains as critical as ever.
Let me know if you want a headline or cover image for this too.

Dropped this piece on Operation Aurora on Bulb first, just for you guys.

Thanks for all your support fam


https://www.bulbapp.io/p/2529f3c0-ad00-40e4-9517-1bd18067ea4f/historical-hacks-operation-aurora