The wait is over! 🔥 PwnMe CTF 2025 qualifications start this Friday! 📅 February 28 – March 2 💻 No team size limit 🧩 Pwn, Web, Crypto, Reverse & Misc Top 16 teams qualify (8 Academic, 8 Professional) Finals on April 12 at ecole2600 🇫🇷 Sign up now 👉 pwnme.phreaks.fr

PwnMe CTF qualifications are now over! Congratulations to the winning teams: 🥇 RedRocket.Club 🥈 Flat Network Society 🥉 Friendly Maltese Citizens The journey isn’t over yet, see you in France for the finals! 🇫🇷 Thanks to everyone who participated!💘

🚀 New Writeup Alert! 🚀 We tackled the Stargazer challenge from HTB University CTF 2024, diving deep into smart contract hacking & proxy vulnerabilities. 🛠️ Here’s a breakdown of how we solved it! 🧵👇

🚨📢 Insomni'hack 2025 🛡️💻 Approximately 600 participants engaged in the hacking competition, tackling 33 challenges. Congratulations also to the academic winners: 🥇Polyflag 🥈LosFuzzys 🥉PHREAKS 2600 🚀 See you next year for new adventures! #INSO25 #CTF

This weekend, we competed in Insomni'hack CTF and finished 🥉top 3 academic and top 10 overall! It's our third year in a row in the top 3 academic, and the competition keeps getting better every time. Big thanks to the organizers for a well-run event!🔥

For those curious about how some of the PwnMe 2025 finals challenges worked, I just published two writeups on my GitHub: github.com/Ectario/articl… 1 Crypto Medium (super-increasing sequences + LWE) & 1 Blockchain Insane (fullchain exploit over a Diamond Proxy to drain a pool)

🔐 We were proud to sponsor #PwnMeCTF 2025, organized by PHREAKS 2600 & ecole2600 ! 🎉 The finals took place last weekend at 2600 Campus with international teams battling it out onsite 🇫🇷 Huge congrats to everyone who played, and shoutout to the organizers (rayanlecat & co)

Check out my latest research of snapshot fuzzing :)

Uncovering Hidden Threats in Ethereum Virtual Machines 🚨 At #Zer0Con2025, we exposed critical vulnerabilities in Ethereum Virtual Machines (EVMs) using fuzzing. Here’s what you need to know 🧵👇 #Ethereum #EVM #Fuzzing #BlockchainSecurity

📚A Study on STARKs is live. This campaign explores the theory behind how STARKs verify computation — through two foundational steps: -AIR: express computation as polynomials -FRI: prove a function is a polynomial 👇 nodeguardians.io/campaigns/a-st…

#ECSC2025 | 🐓 Découvrez la #TeamFrance 2025 ! 🇫🇷 Sélectionnés à l'issue du FCSC, les joueurs de la ECSC Team France représenteront la drapeau tricolore à Varsovie, en Pologne, dans le cadre de l'European Cybersecurity Challenge. 🔔 RDV en octobre ! PS: #YouAreAllWinners

🚨 Security Disclosure — ICON Validators at Risk 🚨 We (FuzzingLabs) privately disclosed a serious vulnerability in the ICON node client via Immunefi. The issue directly affects all validator nodes on the ICON network. Shortly after our report, ICON Foundation 🌐🔀 cancelled their

A detailed analysis of the GMX 🫐 attack. (1) The "refund" logic makes a malicious -> The attacker jail-break the restrictions to perform multiple actions in 1 transaction. As my previous tweet analyzed, the attacker fooled the frontend (the keeper bot) to hijack the control

🚀 We just released sol-azy on GitHub! A modular CLI for static analysis & reverse engineering of #Solana sBPF programs — with disassembly, CFGs, and Starlark rule support. 🧵 github.com/FuzzingLabs/so… 👀 Docs: fuzzinglabs.github.io/sol-azy/introd… #Solana #RE #Security #Rust

Ever wanted a single tool to build, analyze (static analyzer), fetch, and reverse engineer Solana SBPF programs? 💻 We built Sol-azy, a modular CLI toolkit for security researchers: fuzzinglabs.com/introducing-so… Let’s break it down 🧵

Sol-azy is a static analysis tool for the sol eco, allowing you to: - reverse ⏪ - analyze 🧐 - poke at Solana programs 👈 github.com/FuzzingLabs/so…

🚀 We're excited to announce the release of FuzzForge Open Source (OSS)! FuzzForge is our open-source platform designed to automate offensive security workflows & AI Agents, from static analysis to fuzzing, debugging, and root cause analysis, all with AI assistance. 🔷

💣 We caught Y Combinator–backed Gecko Security stealing two of our CVEs, one on ollama , one on Gradio. They copied our PoCs, claimed CVE IDs, and even back-dated their blog posts. Here’s the full story 👇

🚨On Oct 16, the DeFi project Typus Finance on the #Sui was exploited. The team released a post-mortem report and thanked SlowMist for assisting in the investigation & fund tracing.🤝 We’ve published a deep dive into the root cause — a permission validation flaw that allowed