SoK: Current State of Ethereum's Enshrined Proposer Builder Separation
Initially introduced to Ethereum via Flashbots' MEV-boost, Proposer-Builder Separation allows proposers to auction off blockspace to a market of transaction orderers, known as builders. PBS is currently available to validators through the aforementioned MEV-boost, but its unregulated and...
AI-Powered DEI Web Accessibility Hackathon 2025: Technical Innovations and Real-World Impact
Following the success of the Neuro Nostalgia Hackathon that closed out in 2024, Hackathon Raptors has completed its...
The US Army Is Using ‘CamoGPT’ to Purge DEI From Training Materials
Developed to boost productivity and operational readiness, the AI is now being used to “review” diversity, equity, inclusion, and accessibility policies to align them with President Trump’s orders...
Rapid7 Signs 100% Talent Compact with Boston Women’s Workforce Council
The effort aims to help close gender and racial pay gaps Rapid7 is proud to announce their signing of the 100% Talent Compact through the Boston Women’s Workforce Council BWWC. The Talent Compact is a collective effort among the Boston Mayor and local employers to close the gender and racial wage...
Crickets from Chirp Systems in Smart Lock Key Leak
The U.S. government is warning that "smart locks" securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The locks maker Chirp Systems remains unresponsive, even though it was first notified about the critical...
equity-subcommittee.psanz.com.au Cross Site Scripting vulnerability OBB-3883330
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Rapid7 Recognized by Newsweek as one of ‘America’s Greatest Workplaces for Diversity for 2024’.
On December 13th, Newsweek Magazine published their list of ‘America’s Greatest Workplaces for Diversity for 2024’. Like many companies today, Rapid7 recognizes the positive impact diversity plays in driving organizational success, attracting and retaining exceptional talent, and creating positiv...
Diligere, Equity-Invest Are New Firms of U.K. Con Man
John Clifton Davies, a convicted fraudster estimated to have bilked dozens of technology startups out of more than $30 million through phony investment schemes, has a brand new pair of scam companies that are busy dashing startup dreams: A fake investment firm called Equity-Invest.ch, and...
A MINTER CAN STOP A QUALIFIED POOL SHARE HOLDER FROM DENYING THE MINTER DURING THE APPLICATION PERIOD BY FRONT-RUNNING THE TRANSACTION
Lines of code Vulnerability details Impact A minter can stop a Qualified pool share holder from denying the minter during the application period by front-running the transaction Consider the following scenario: 1. Assume minter is User A and Qualified pool share holder is User B. 2. User A call...
An attacker whose a 3% shareholder can wipe-out all the tokens of anyone using a flash-loan
Lines of code Vulnerability details Impact A 3% votes holder can wipe the equity of any other holder using the restructureCapTable function. Proof of Concept 1. a Be a 3% votes holder or have helpers that together have 3% 2. b Reduce the equity to be less than MINIMUMEQUITY This could be done by...
Lack of slippage in redeem can result in loss of shares for redeemer
Lines of code Vulnerability details FPS holders can redeem their shares against zchf using redeem File: Equity.sol 276: function redeem(address target, uint256 shares) public returns (uint256) //@audit no slippage, calculateProceeds can return 0 277: require(canRedeem(msg.sender)); 278: uint256 proceeds ...
function restructureCapTable() in Equity.sol not functioning as expected
Lines of code Vulnerability details Impact Incorrect typo in function restructureCapTable leading to only burning tokens of first address of addressToWipe array argument. Proof of Concept Here, in L313, addressToWipe0 only takes first address of the array. While ignoring the rest and also since...
User minting FPS can get grieved by equity loss event
Lines of code Vulnerability details minting in onTokenTransfer handles the case equity = MINIMUMEQUITY, "insuf equity"; // ensures that the initial deposit is at least 1000 ZCHF 245: 246: // Assign 1000 FPS for the initial deposit, calculate the amount otherwise 247: uint256 shares = equity =...
Equity.restructureCapTable only restructures one address at a time
Lines of code Vulnerability details Equity.restructureCapTable allows qualified FPS holders to restructure the system, that is: burning shares of other holders that did not participate in putting equity above water. File: Equity.sol 309: function restructureCapTableaddress calldata helpers, addre...
brandequity.economictimes.indiatimes.com Open Redirect vulnerability OBB-3230549
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Celebrating Women’s History Month at Rapid7
Each March, we reflect on the historical accomplishments and ongoing need to support women. This, of course, should be embraced all 12 months of the year, but Women’s History Month gives us a special opportunity to learn from, celebrate, and amplify the voices of women. At Rapid7, we’re shining a...
ADS-B Exchange, the Flight Tracker That Powered @ElonJet, Sold to Jetnet
ADS-B Exchange, beloved for resisting censorship, was sold to a company owned by private equity—and now even its biggest fans are bailing...
The Intelligent Listing: Cybersecurity Job Descriptions That Deliver
Modern job descriptions have quite the reputation for causing reactionary eye-rolling. Why? Because what used to be a couple of paragraphs – about requirements and experience for performing a cybersecurity analyst job – is actually now filled with a laundry list of criteria that make candidates...
EXNESS: IDOR in Stats API Endpoint Allows Viewing Equity or Net Profit of Any MT Account
Hi Team, Today I logged into my Exness PA and noticed an updated performance page. I thought to give it a quick check and noticed that the API endpoints responsible for fetching the stats performance chart /stats/ is vulnerable to IDOR via accounts= parameter. The issue allows fetching the stats ...
The Akamai Foundation: Making a Global Impact
In 2021, the impact of the Akamai Foundation’s philanthropic activities continued to expand beyond science, technology, engineering, and mathematics STEM education, deepening our commitment to digital equity and inclusion around the globe and to making a positive impact in the communities we serv...