🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Our call for paper is only open for a few more weeks, don't wait and take part in #HEXACON2024! 🚨 Find out what we expect from submissions and the benefits offered to speakers: cfp.hexacon.fr/hexacon-2024/c…

the only time you’ll catch him in a collared shirt too! it’s hard to overstate clem1’s impact on disrupting campaigns from the commercial surveillance industry, nice to see him get a bit of the spotlight. looking forward to his Hexacon keynote soon!

🆕🚨 New analysis from Google TAG on suspected APT29 waterholes against 🇲🇳 gov. n-day exploits targeting iOS and Android we first observed in use from commercial surveillance vendors🫢 more details in the blog! awesome work from clem1 and team🤝 blog.google/threat-analysi…

🚨New Report🚨 Mythical Beasts and Where to Find Them: Mapping the Global Spyware Market and its Threats to National Security and Human Rights. Explore connections between spyware vendors, suppliers, & supply chains in 42 countries 🌎 Dive deep here: dfrlab.org/2024/09/04/myt…

The #HEXACON2024 talks have started to trickle in on YouTube, go check them out 🔥: youtube.com/playlist?list=…

Another big step towards becoming a security boundary: today we’re expanding the VRP for the V8 Sandbox * No longer limited to d8 * Rewards for controlled writes increased to $20k * Any memory corruption outside the sandbox now in scope bughunters.google.com/about/rules/ch… Happy hacking!

Apple patches two 0days marked as exploited on Intel-based Macs. Also fixed in new iOS 18.1.1 securityweek.com/apple-confirms…

If you've ever wondered if one can determine a vuln from just the kernel panic logs, Seth Jenkins (feat. Jann Horn - [email protected] & Benoît) have something to share: googleprojectzero.blogspot.com/2024/12/qualco… Great to collaborate with Amnesty International, find vulns and get them fixed: securitylab.amnesty.org/latest/2024/12…

🚨 BREAKING: Amnesty’s latest report on digital surveillance in Serbia: new *NoviSpy* spyware discovered; zero days identified and patched; and first evidence showing use of Cellebrite UFED forensic products to unlock phones to then infect with spyware. 🧵

As a New Year resolution, consider applying to Project Zero :)

The latest Apple security update contains fixes for three CoreAudio issues (CVE-2025-24160, CVE-2025-24161, CVE-2025-24163). These were found by Google Threat Analysis Group using Jackalope fuzzer.

BREAKING | WhatsApp has revealed that nearly 100 journalists and civil society members were targeted by Israeli spyware company Paragon Solutions, which used a “zero-click” method to secretly infect devices. The spyware, Graphite, provides full access to compromised devices,

I tweeted before about the Apple CoreAudio issues found by Google TAG. Well, the fuzz harness used to find these issues is now included in Jackalope examples, see github.com/googleprojectz… . Happy fuzzing! :)

🚨 UPDATE YOUR DEVICES 🚨: Amnesty International uncovers sophisticated zero-day exploit affecting billions of Android devices. Cellebrite's Linux USB exploit was used to unlock the phone of a Serbian youth activist, targeted in December 2024 **after** previous reports abuses

I found 2 UAF bugs in libxslt with Jackalope, let's find more together! The harness is now included in examples (link below). This also serves as a demo for two not very commonly used modes in Jackalope: grammar mutational fuzzing and sanitizer coverage. github.com/googleprojectz…

🍏iOS 18.4.1 dropped fixing a CoreAudio memory corruption and PAC bypass stating “that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.” support.apple.com/en-gb/122282

This Video Can Exploit Your iPhone (CVE-2025-31200) youtu.be/nTO3TRBW00E?si…

Qualcomm June 2025 Security Bulletin docs.qualcomm.com/product/public… "There are indications from Google TAG that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation"

After 6 months of responsible disclosure, proud to announce our team discovered 13 (mostly exploitable) vulnerabilities in Samsung Exynos processors! Kudos to Billy, Ramdhan, [email protected] & rainbowpigeon CVE-2025-23095 to CVE-2025-23107 📍 semiconductor.samsung.com/support/qualit…

Leak hole PoC for Chrome in-the-wild vulnerability CVE-2025-6554 published yesterday: github.com/DarkNavySecuri…