Tyler Doussan

🍀 FRIDAY THE 13TH GIVEAWAY! 🍀 Stop praying—take the reins! 🏇 At BoostLottery, you influence your own odds with LUCK BOOSTERS. 🚀 HOW TO ENTER: ✅ FOLLOW @BoostLotteryIO 🔄 RT this post ⏳ Ends: Friday 13th, 0800 CET. Winner picked from follows/RTs. BOOST IT! 🎰✨

@awesumone7 @VulcanForged @ReneWitch @Berserk_Game Excellent work @ReneWitch 🥰

How about a round of👏to @VulcanForged's 2D graphical artist @ReneWitch who among many other things has created the fabulous artworks for the new 'Sands of Time' set of cards for the @Berserk_Game #TCG #tradingcardgame🔥😍 Tradable on Agora marketplace: agora.elysiumchain.tech/NFTs🪙

@cadenabitcoin @BitcoinBazis I like how the contracts will be based on the value at the contract’s end-date instead of acting like a Margin Call 🍻 This provides stability for your users and the market overall.

What makes Cadena Bitcoin different? Our founder breaks it down on @BitcoinBazis podcast and it’s simpler than you think 👀 Clip below 👇

@AutismCapital @GavinNewsom do better… if you cannot read and write properly, as you stated in a recent interview, then maybe outsource the writing of laws—especially if you don’t understand how the infrastructure functions.

Looks like I will need to make an OS fork before next year 🤪 Crazy how governments are wanting to censor an operating system that runs the software which is what actually needs age verification 🤦‍♂️ ffs the world is ran by unintelligent people who do not understand the systems they write laws on.

🚨FYI: Gavin Newsom has already signed California Assembly Bill 1043 which mandates that operating systems including Windows, Linux, macOS, and FreeBSD implement system-level age (identity) verification. This takes effect on January 1st, 2027. Colorado also has a similar act called SB26-051 which is currently advancing through the committees and ready for full Senate consideration. It would come into effect on January 1st, 2028 if passed. Utah, Texas, Louisiana, and Alabama all currently have app layer verification laws, but not OS level YET. So OS level verification isn't a future thing. It's happening now. They are chokepointing the internet. Enjoy these days.

@GoldinCo Congrats @KenGoldin 🥂

🚨 BREAKING: A NEW RECORD FOR A T206 HONUS WAGNER PSA PR-FR 1! Final Sale Price on the Shields Family T206 Honus Wagner: $5,124,000 The All-Time Highest Public Sale for this card in this grade. 💥⚾️ Email Sell@Goldin.com to consign your Collectibles to one of our upcoming Auctions! 🙌

@Acadian_VF @VulcanVerse Always fun taking down a boss with the community—epic video, thanks for taking the time to make it 🦾🔥

🗡️ DAILY BOSS RAID ALERT 🗡️ Today’s boss was the Abyssal Harpyra from Hades 😈 
Watch how the mortals join forces to take down the daily boss in @VulcanVerse ⚔️🔥 This is peak co-op gameplay, real teamwork, real strategy, real fun.
Every fight feels epic, and every win is earned. If you love community-driven battles, this is where it’s at 👀✨ @VulcanForged $PYR $ELY $V #VulcanVerse #PlayToEarn #MMORPG #Web3Gaming #BossFight

What's rewarding, lore-driven, and absolutely thrilling? -> Our CCG Berserk🔥 And it's returning with Season 6, Sands of Time. Prepare, for the adventure begins on March 2nd. Forge on!

Just dropped a video showcasing the BUILDING side of @VulcanVerse 🔥 Once you get the hang of it… it’s insanely fun. It’s a true sandbox experience, think Minecraft vibes but with next-level assets and graphics. Built in Unity, which makes everything smooth and powerful 💎As soon as the builder hits save, players see the changes LIVE in-game. The world evolves in real time. 🌍 And here’s the powerful part 👇
The plots of land are NFTs. You truly own your piece of the world. Some assets are NFTs too, purchasable on the Agora Marketplace, meaning your builds can contain real, ownable digital assets. Materials for building can be foraged in the world or traded between players, creating a player-driven economy. And we’re getting closer to custom quest creation 👀
Imagine obstacle courses, scavenger hunts, fully player-made adventures… The creative + ownership combo here is next level! $PYR $ELY @VulcanForged #Web3Gaming #NFTs

🔥 VulcanX Trade-To-Earn 🔥 VulcanVerse's 2026 roadmap 🔥 Berserk and Elysium partner updates Recap all our updates this week with this latest VF News episode by @Neswulf.

✨CEO End of Year Video✨ It’s been a grueling year but we’ve done nothing but BUIDL! Here’s our CEO Jamie Thomson with an end of year message: - Reflecting on 2025 - Looking forward to 2026 - Processing your feedback - Announcing Xmas winners (forgive the captions!) $PYR

An incredibly awful security vulnerability just got revealed in MongoDB. So much that it got named after HeartBleed. MongoBleed is a vulnerability affecting all MongoDB versions from 2017 to... today. The exploit is simple. It's a buffer over read bug due to compression. Here's how it works 👇 Clients can send compressed requests to MongoDB. The client helpfully includes the uncompressed size of the message so the server knows exactly how much memory to allocate when decompressing. The server allocates a memory buffer with the given space. Due to how memory management and garbage collection in programs work, this allocated memory may already contain sensitive information that was copied earlier and is considered garbage now (eg because it's unreferenced). This is technically fine - every computer program works that way because it is assumed that whatever unclaimed memory exists there will be overwritten. Unfortunately that’s exactly where the bug lies. 🙃 The server stupidly trusts the client’s provided uncompressed size. When a malicious client lies about the uncompressed size - e.g the actual decompressed size is 100 bytes, but the client says its 1MB - Mongo will treat the full 1MB block as the message. It will unload the 100 byte decompressed msg into the buffer, yet treat the full 1MB block as the msg. This is extremely problematic if you can get the server to return back parts of the 1MB block, because it could contain data you may not have access to. That is exactly what the exploit does - it sends a badly-formatted BSON message. The server fails to parse it, and "helpfully" returns an error message containing the invalid message. The invalid message can be that whole 1MB block of foreign data. To understand the exploit a bit better, you need to understand the MongoDB protocol. • Mongo also uses its own TCP wire format (i.e doesn't use HTTP, gRPC or the like). • BSON is Mongo's message format passed within the TCP wire format. BSON is basically JSON in binary form • Commands in Mongo don't have particular endpoints or RPC names - rather, they are simply JSON-like messages. The action is inferred from the first key of the JSON. For example, an insert request looks like this: `{ "insert": "users", "documents": [ { "name": "alice", "age": 30 } ] }` Every request to the server is therefore decoded into the BSON format as it’s parsed. Critically, BSON parsing of field names (which are strings) work by parsing the field until you hit a null terminator byte (0x00). It works exactly like strings in C, which have their own rich history of vulnerabilities. We can now tie things together: 1. The client lies to the the server that its request has a big uncompressed size, so the server allocates a large block of memory 2. The client sends an invalid BSON with a field which does NOT contain the null terminator (0x00) 3. The server naively tries to parse the BSON field in that allocated block until it hits the first null byte. The first null byte is encountered in some foreign data since the BSON literally doesn't have it 4. The server realizes this is a completely invalid BSON message so it responds with an error. 5. The error response contains the invalid BSON "field". Critically, the server parsed garbage data from the heap in step 3), so it returns that data in the response. Congrats. If the garbage contains passwords or other sensitive info, you’ve hacked MongoDB! Hackers exploit this by sending many malicious requests per second and then attempting to reconstruct the pieces of garbage they received back. What’s critical about this vulnerability is that it works on ANY internet-accessible unpatched instance of MongoDB. 💀 You don’t need to authenticate with the server, because this whole request/response parsing cycle happens before the server can even authenticate. Obviously you can’t authenticate a malformed request which doesn’t contain credentials - so that path of the code never gets executed. The server simply responds with an error response. It just so happens that this error response can contain sensitive data. 🤷‍♂️ Merry Christmas

@midnitecatzlady @mortal__vulcan @bumble8899 @mushmulaonly 😍 epic, thank you for the prize 🙏

Part 1: Day 8 winners of Catz Cross Chain Christmas Congratulations!! @mortal__vulcan Osp Robie U – Unwritten Crusader @bumble8899 Paladine Knight @Nebula_Matrix Osp Robie B - Battleworn @mushmulaonly Arcanis

Day 6 prizes!! Catz Cross Chain Christmas. Live on the #Funkshow @TheArena Like Share Comment EVM!! prizes from @OSP_TD @infygamestech @Berserk_Game @Champ_io @TycheToken

The FINAL VF News of 2025 is here. Featuring a special end-of-year message from the hypeman @JamieThomsonVF. You don't wanna miss this one. $PYR $V

@SanjayWeb3 Good luck 🦾🧑‍💻🍻

Lover to Fighter. One for the books. 🎬

Day 4 of Cats Cross Chain Christmas on @TheArena During the #Funkshow @unclefunkdrew prizes from @OSP_TD @SwordsofBlood_ @infygamestech @Berserk_Game @Champ_io @TycheToken Comment with your EVM to win