Crypto has many infrastructure projects, but nearly all struggle to find great developers to build them. Here are some thoughts after seeing what worked for Solidity, which is the infra projects with the most number of builders: 1. Are you building for your users rather than

BugBountyHunting.com by payloadartist is a search engine to find new bug bounty write-ups, reports, and other web hacking learning materials! 🤠 🔗 bugbountyhunting.com

I've started working on the 2025 edition of "Hacking: The Art of Exploitation", a beginner-friendly guide to binary exploitation. Wish me luck! r1ru.github.io/posts/8/

In our technical post, we dive deeper into how you can spot more vulnerabilities in Firebase targets! Including more examples of testing for improper access controls and CORS misconfigurations. intigriti.com/researchers/bl…

This is amazing Intigriti

Web2 security: forgot password? Reset link in email Web3 security: forgot private key? Enjoy poverty

$1M+ in Security Grants now available through security.xyz We’re proud to have been selected as one of the auditors on this new public-good platform. Create an account and submit your proposal. We’re ready when you are!

ICYMI Here’s Hartej sharing where Web3 security is today and where it’s headed. Featured on Nasdaq TradeTalks 🎥

We just dove into our shelf of archived bug bounty write-ups from the most notable hackers! 🤠 In this issue, we selected 5 compelling articles (that are still relevant today) to share with you, from which you can learn something new! 😎 🧵 👇

We got Notion to leak your private Notion pages 💀 On Thursday Notion announced Notion 3.0 with support for custom agents using MCP (built by Anthropic) — powerful, but dangerous. Simon Willison calls these MCP related attacks the “lethal trifecta”: the combination of LLMs,

“When you understand the game, you don’t panic.” This quote hit hard for bug hunters.

Repo with resources to build secure Solana programs. Includes: - rust basics ✅ - Anchor ✅ - handpick collection of numerous other handbooks and tips ✅ github.com/0xMacro/awesom…

Red flags to look for when applying to jobs in crypto - linkedin - don't use foundry - degree requirement - code challenge - anon team - more marketing than builders - unpaid "test work" - toxic twitter - empty github - don't take security seriously - shady funding history

Top 5 Underrated OpSec Tools for Blockchain Pros in 2025 🛡️ As a threat researcher, these saved me time & assets. 1) DeBank for multi-chain tracking. 2) BlockSec MetaSleuth for transaction graphs. 3) Delegate for security. 4) Obsidian for flow charts (organise

Lol😂

Your subdomains are at risk of being compromised!🛑 Clean up those DNS records. Its very easy to have Subdomain Takeovers when you deprecate domains, apps, during testing, etc, and forget about them. WHY is this risky? If you have an outdated record you no longer use, anyone

ETHEREUM PROPOSES EIP-7791- A new mechanism to pay contract developers micro GAS REVENUE. EIP-7791 introduces a groundbreaking new opcode called GAS2ETH that enables smart contracts to directly convert gas into ETH. This proposal aims to fundamentally change how smart contract

We built a fuzzing harness for Solana Vaults using Pinocchio and Honggfuzz. Learn how to uncover hidden bugs in on-chain logic (full PoC, setup walkthrough, and runnable example code). Big thanks to mahmoud for the write-up. 🔗 zokyo.io/blog/guide-to-…

Staring at complex code and feeling like you're making no progress? You're not alone. Every developer hits this wall. The key isn't being smarter, it's having better strategies for breaking through complexity. Here's what actually works when code feels impossible to understand

:/