🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

3/ A favorite detail: a Cellebrite exploit got caught & vuln patched. This is what happens when your tech is abusively used against activists... Mad impressive technical lift by @google's Project Zero's Seth Jenkins ft Benoît, Jann Horn - [email protected] et al.👇 x.com/__sethJenkins/…

Part 5 of j00ru//vx's Windows Registry Adventure is out! googleprojectzero.blogspot.com/2024/12/the-wi… Incredible depth of knowledge on display, and good to see it shared as a reference with the world ❤️

It doesn't happen very often, but Project Zero is hiring! goo.gle/41DBQBY Please share with anyone you think would be awesome for the role 🎉 Looking for at least one person. DMs open if you want to reach out about the role. The team: youtu.be/My_13FXODdU

Just unrestricted an issue that shows a fun new attack surface. Android RCS locally transcribes incoming media, making vulnerabilities audio codecs now fully-remote. This bug in an obscure Samsung S24 codec is 0-click project-zero.issues.chromium.org/issues/3686956…

We're pleased to announce Natalie Silvanovich Natalie Silvanovich as the keynote speaker for the inaugural RE//verse. She might have started out hacking Tamagotchis, but she certainly didn't stop there! Join us to learn Natalie's workflow for understanding an attack surface and mining

Two new posts from James Forshaw today: googleprojectzero.blogspot.com/2025/01/window… on reviving a memory trapping primitive from his 2021 post. googleprojectzero.blogspot.com/2025/01/window… where he shares a bug class and demonstrates how you can get a COM object trapped in a more privileged process. Happy Reading! 📚

github.com/google/securit… Our newest research project is finally public! We can load malicious microcode on Zen1-Zen4 CPUs!

I tweeted before about the Apple CoreAudio issues found by Google TAG. Well, the fuzz harness used to find these issues is now included in Jackalope examples, see github.com/googleprojectz… . Happy fuzzing! :)

🚨BREAKING: @Amnesty has detected a new case of misuse of Cellebrite against a youth activist in Serbia. Just two months after our report revealed a widespread campaign of digital surveillance against protestors, the abuses continue. securitylab.amnesty.org/latest/2025/02…

Just derestricted a bug in the Qualcomm NPU used in Android chipsets. Glad to say that this issue is already fixed in the March 3rd Qualcomm bulletin, although it's not in the Android security bulletin yet... project-zero.issues.chromium.org/issues/3800819…

My writeup of the 2023 NSO in-the-wild iOS zero-click BLASTDOOR webp exploit: Blasting Past Webp - googleprojectzero.blogspot.com/2025/03/blasti…

Derestricted this bug too...an LPE attack surface one remote bug away from being touchable. It's a pretty nice UAF actually... project-zero.issues.chromium.org/issues/3897249…

CVE-2024-49848 is now fixed...255 days after I reported it! project-zero.g-issues.chromium.org/issues/42451725 Sure it took well over 90 days, but on the OTHER hand it's an aesthetically pleasing number of days.

I'm happy to announce that I'll be speaking at OffensiveCon 2025 on May 16th! See you there :) offensivecon.org

My upcoming conference attendance schedule: Qualcomm Security Conference (speaker): May 7-9 Meta Bug Bounty Researcher Conference (attendee): May 13-14 OffensiveCon (speaker): May 16-17 Come find me at any of those places, but be warned, I will be extremely jetlagged 🤣

Thrilled to announce my new Project Zero blog post is LIVE! 🎉 I detail my knowledge-driven fuzzing process to find sandbox escape vulnerabilities in CoreAudio on MacOS. I'll talk about this and the exploitation process next week offensivecon! googleprojectzero.blogspot.com/2025/05/breaki…

"Android In-The-Wild: Unexpectedly Excavating a Kernel Exploit" by Seth Jenkins

My OffensiveCon talk, Unexpectedly Excavating an ITW Exploit, is now available to watch! youtu.be/lnK1iACJ3-c?si…

Unfixed kernel pointer leak derestricted: project-zero.issues.chromium.org/issues/3976959…

The final part of j00ru//vx’s Windows Registry series is live! Contains all the hive memory corruption exploitation you’ve been waiting for googleprojectzero.blogspot.com/2025/05/the-wi…