After more than a month of hard work, PPSSPP is running natively on PlayStation Portal. Yes, we hacked it. With help from xyz and Calle Svensson

Last year I discovered multiple bugs in virtio-net for VirtualBox (CVE-2023-22098, CVE-2023-22099, CVE-2023-22100) and wrote a 100% reliable VM escape using an out-of-bounds write (with ASLR defeat). Published the exploit code: github.com/google/securit…

lets fucking go

In 2 hours Joseph Thacker , Justin Gardner and I will release an article on how we managed to hack Google VRP (Google Bug Hunters) AI scope for 50,000$ Stay tuned 🔥

Looks like newest Ubuntu restricted getting capabilities within user namespaces for all but a few whitelisted applications (e.g., Chrome) 🥳 End of days for netfilter exploits is close? 😃 openwall.com/lists/oss-secu… discourse.ubuntu.com/t/ubuntu-24-04…

Andrey Konovalov ulisses Ubuntu 24.04 also enabled RANDOM_KMALLOC_CACHES. Ironically, this release is probably going to have more kernel CVEs than ever before ;-)

Curious to learn more about ESCAL8, Google's annual security conference? See our blog post to find out what this event holds in store for seasoned bug hunters, aspiring security professionals, and experienced CTF players. bughunters.google.com/blog/484622746…

Excited to share bug detection tool we've been working on w/ Marco Elver: github.com/google/gwpsan It samples unmodified prod binaries with ~1% overhead, can be turned off completely. Detects data races, use-after-return, uninits. Can do more e.g. UAF/OOB in syscalls. Cool tech ...

Most normal CTF reversing challenge

Google CTF 2024 is here soon! Come and enjoy our twisted challenges! 21 June, 18:00 UTC, put into your calendars! security.googleblog.com/2024/06/time-t…

Big news for bug hunters! We've added a new payment option 💰: select Bugcrowd in your profile on bughunters.google.com and profit from ⚡-fast and more flexible payouts. See our blog for details: bughunters.google.com/blog/648393685…

Google CTF is just around the corner, starting June 21 at 6:00 PM UTC! Give your best and earn all the flags to qualify for Hackceler8 2024 in Málaga. Register at goo.gle/ctf. ¡Vamos! For details, see our blog post: bughunters.google.com/blog/543069752…

📢 Chrome VRP reward updates! 💰 Bigger payouts (up to 5x higher, $250,000+) and clearer guidelines, all designed to incentivize high-quality Chrome security research. Let's work together to make Chrome even safer! 🔐 bughunters.google.com/blog/530204429…

Check out our latest post about a vulnerability we disclosed to the Kernel Security Team - “Race conditions in Linux Kernel perf events” binarygecko.com/race-condition…

[Hackceler8 '24, 9 days to go] Mew and friends have disappeared! And what’s more – the lands of Hackceler8 have been completely taken over by new foes, stronger than ever before. Your favorite friends are trapped in limbo. Who can save the day?

We are happy to announce the launch of the Google Cloud Vulnerability Reward Program! The Cloud VRP is specifically dedicated to products and services that are part of Google Cloud. ☁️ 🐞 🤑 cloud.google.com/blog/products/…

[Hackceler8 '24] REMINDER for all CTF enthusiasts: Tune in to our live stream for the finals of Hackceler8, kicking off in 30 minutes (pre-game commentary from 14:15, finals from 14:30 CET). youtube.com/live/LEm1UEjIW…

Google kernelCTF LTS/COS 0-day WIN! Successfully exploited an extremely complex race condition 0-day vuln on two instances without using namespaces 🎉 work with qwerty