🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

This is a supercool bypass! Namespace switching can still be harmful Also thanks for many shoutouts 😄

Looking to make your Go applications safer than ever? Learn more about three new open source libraries that will help you avoid entire classes of vulnerabilities: SafeText, SafeOpen, and SafeArchive. bughunters.google.com/blog/492506820…

Jeśli nie słuchacie podcastu Radio Naukowe, to serdecznie polecam. A zwłaszcza ostatni odcinek z debatą oksfordzką na temat: „Kiedyś to było” 😀

Here is a 72-byte alphanum MD5 collision with 1-byte difference for fun: md5("TEXTCOLLBYfGiJUETHQ4hAcKSMd5zYpgqf1YRDhkmxHkhPWptrkoyz28wnI9V0aHeAuaKnak") = md5("TEXTCOLLBYfGiJUETHQ4hEcKSMd5zYpgqf1YRDhkmxHkhPWptrkoyz28wnI9V0aHeAuaKnak")

Czy można zgłaszać propozycje odcinków Radio Naukowe? Jeśli tak, to świetnie byłoby posłuchać o ostatnich zmianach w języku polskim, rjp.pan.pl 😀

Google CTF is on! I'm especially curious how many teams will be able to solve the challenge "in the shadows" 😉

Congratulations for the five teams that solved in-the-shadows! The challenge is open-sourced now including a short writeup and a solver: github.com/google/google-…

I didn't manage to solve postviewer v1 in 2022, really close to solve v2 in 2023, but this year finally solve v3 💯 It's my writeup to the GoogleCTF 2024, almost all web challenges are client-side, so I really like it lol blog.huli.tw/2024/06/28/en/…

🚫 DOM XSS, begone! 👋 Discover how we used Trusted Types to protect AppSheet, and how that can inform your own web application's journey to a safer security posture where DOM XSS vulnerabilities are a thing of the past. bughunters.google.com/blog/603789066…

Google VRP significantly increases reward amounts! Just go and hack 😀

[PL] Zapraszam na MSHP do Krakowa! Sam też będę miał tam prezentację 😀

Very nice presentation about web security at a scale by @[email protected]. Finally, web security is solved for good.

Check out the video in which I’m talking with koto about Google VRPs. Learn how you can start hacking Google! Let me know if there’s something you’d like us to cover in future videos 😀 youtu.be/R2qMd4PZbko?si…

It's always nice to talk with Mr @[email protected] 🔥

Do you want to learn more about the various Vulnerability Reward Programs offered by Google? Or you're looking for inspiration? Check the video below in which koto and @[email protected] talk about Google VRPs! youtube.com/watch?v=R2qMd4…

Pewien inżynier bezpieczeństwa musi zadbać o bezpieczeństwo dosłownie tysięcy aplikacji. 💥 Jak to osiągnąć? Michał Bentkowski pokaże kilka rozwiązań, które pozwolą upewnić się, że każda nowonapisana aplikacja zachowuje wysoki poziom bezpieczeństwa. 🎟 omhconf.pl

Reading about new mXSS techniques always warms my heart. Amazing writeup Kévin GERVOT (Mizu) and great bugs!

Celebrating 15 years of password hacking 💻 🔑, Swiss Army knives (and sometimes even chainsaws or swords) included! 😲 Discover how Google's security teams turn employee farewells into security tests. bughunters.google.com/blog/635526578…

🔥 A new (more difficult) era for mXSS will come soon! If nothing breaks, Chromium will start escaping "<" and ">" in attributes starting with M138. See chromestatus.com/feature/626498… for details.

Here's my blog post about escaping `<>` in attributes and why it makes mXSS harder to exploit!