Andrey Kovalev (@avkovaleff) 's Twitter Profile
Andrey Kovalev

@avkovaleff

Security engineer at @Google. Tweets are my own.

ID: 33682082

Link: https://avkov.io/

Joined: 20-04-2009 22:01:33

1.1K Tweets

424 Followers

254 Following

Tim Willis (@itswillis) 's Twitter Profile Photo

It doesn't happen very often, but Project Zero is hiring! goo.gle/41DBQBY Please share with anyone you think would be awesome for the role 🎉 Looking for at least one person. DMs open if you want to reach out about the role. The team: youtu.be/My_13FXODdU

Binni Shah (@binitamshah) 's Twitter Profile Photo

Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282) : labs.watchtowr.com/exploitation-w…

Andrey Kovalev (@avkovaleff) 's Twitter Profile Photo

Today Google announced a new OSV-SCALIBR: A library for Software composition analysis. It allows to extract software dependencies, generate SBOM’s and scan them via osv.dev! More details in our blogpost: security.googleblog.com/2025/01/osv-sc…

Royal Hansen (@royalhansen) 's Twitter Profile Photo

"If you've ever wondered “how expensive should this LLM be to train” or “how much memory do I need to serve this model myself” or “what's an AllGather”, we hope this will be useful to you." jax-ml.github.io/scaling-book/

0xor0ne (@0xor0ne) 's Twitter Profile Photo

Exploiting the TP-Link TL-WR940N router with CVE-2024-54887 (stack buffer overflow) infosecwriteups.com/reversing-disc… #embedded #infosec

Tavis Ormandy (@taviso) 's Twitter Profile Photo

You can now jailbreak your AMD CPU! 🔥We've just released a full microcode toolchain, with source code and tutorials. bughunters.google.com/blog/542484235…

Phil Venables (@philvenables) 's Twitter Profile Photo

New Google DeepMind research: novel framework to evaluate AI cyberattack capabilities across the entire attack chain. Grounded in 12K real-world instances. arxiv.org/pdf/2503.11917

Mandiant (part of Google Cloud) (@mandiant) 's Twitter Profile Photo

In 2024, attackers exploited 75 zero-days across end-user platforms and enterprise tech. Google’s latest report unpacks what this trend says about evolving threat priorities. Full analysis here: bit.ly/4cTQzMI

Deedy (@deedydas) 's Twitter Profile Photo

It’s happening. AI models are finding zero-day vulnerabilities. This blog post is a must-read and marks a new era for cybersecurity.

GreyNoise (@greynoiseio) 's Twitter Profile Photo

GreyNoise Discovers Stealthy Backdoor Campaign Targeting ASUS Routers. Attacker tradecraft reflects APT-like behavior: quiet, durable, and designed for long-term access. Full blog: greynoise.io/blog/stealthy-… #Cybersecurity #ThreatIntel #GreyNoise #ASUS

neils (@midwestneil) 's Twitter Profile Photo

Turns out you can just hack any train in the USA and take control over the brakes. This is CVE-2025-1727 and it took me 12 years to get this published. This vulnerability is still not patched. Here's the story:

Operation Zero (@opzero_en) 's Twitter Profile Photo

101 Chrome Exploitation — Part 0: Preface We are starting a new series on modern browsers' architecture and their exploitation using Chrome as an example. Readers will learn how browser subsystems are implemented, how their security is ensured and how it is violated with

Royal Hansen (@royalhansen) 's Twitter Profile Photo

"Developed by Google DeepMind & Google P0, Big Sleep can help security researchers find 0-day sw security vulnerabilities. Since it was introduced last year, it has continued to discover multiple flaws in widely-used software, exceeding our expectations" cloud.google.com/blog/products/…

Google Open Source (@googleoss) 's Twitter Profile Photo

Protect your systems from leaked credentials! 🚨 We're excited to announce Veles, a new open-source secret and credential scanner from Google. Veles helps you find and fix sensitive data exposures in your source code and artifacts, with more features on the way! Learn how Veles

Jeff Dean (@jeffdean) 's Twitter Profile Photo

See mathematician Michel van Garrel talking about how our latest Gemini Deep Think model was able to prove a conjecture using a very different approach than he was considering.

Heather Adkins - Ꜻ - Spes consilium non est (@argvee) 's Twitter Profile Photo

Today as part of our commitment to transparency in this space, we are proud to announce that we have reported the first 20 vulnerabilities discovered using our AI-based "Big Sleep" system powered by Gemini — goo.gle/bigsleep

Thinking Machines (@thinkymachines) 's Twitter Profile Photo

Efficient training of neural networks is difficult. Our second Connectionism post introduces Modular Manifolds, a theoretical step toward more stable and performant training by co-designing neural net optimizers with manifold constraints on weight matrices.

Thinking Machines (@thinkymachines) 's Twitter Profile Photo

LoRA makes fine-tuning more accessible, but it's unclear how it compares to full fine-tuning. We find that the performance often matches closely---more often than you might expect. In our latest Connectionism post, we share our experimental results and recommendations for LoRA.
