We (+Ronen Shustin) hacked NVIDIA's Triton AI server by abusing a single error message🚨 The result is unauthenticated RCE allowing attackers to compromise the server and steal proprietary AI models🤯 For more details & mitigations check out our blog Wiz wiz.io/blog/nvidia-tr…

The MSRC team and I are excited up to connect and learn from security researchers and the community at Black Hat & DEF CON this week! If you spot me, I might have a shirt with your name on it. #blackhat2025 #blackhat #defcon Microsoft Security Response Center

Thank you to everyone who joined us at the MSRC Researcher Celebration during #BHUSA last night. It was incredible to see so many members of the security community come together to share stories and build connections. Special shoutout to our 2025 MSRC MVRs for being part of this

Don’t post here much, but this one’s worth it. Managed to win the MVH award at the Google VRP (Google Bug Hunters) 0x0g bugSWAT event in Vegas 🤩

Amazing work! Congrats Dima! 👊🫶Dzmitry Lukyanenko

📢 Exciting News! ESCAL8 and init.g() 2025 are heading to Mexico City this October! 🇲🇽 Find out more about the learning, knowledge sharing, and hacking activities at ESCAL8, and join us for a recap of ESCAL8 2024. bughunters.google.com/blog/482563727…

Thank you for the swag Microsoft Security Response Center ! Nice and soft sweater 😃💪🏻

Heads up for Cloud bug hunters ☁️! From Oct 1, the Cloud VRP is updating its reward structure based on your feedback, including more specific reward categories, fixed reward amounts, and much more! For a full overview 👇 bughunters.google.com/blog/617188814…

Bug bounties for bugs in popular OSS

x.com/i/article/1974…

Today was huge! Ciarán Cotter and I took 2nd place in the Google VRP (Google Bug Hunters) Mexico BugSwat and won Best AI VRP Researchers!

Wrapping up an amazing time at Google #bugSWAT Mexico 2025. It was a privilege meeting so many brilliant people including Ezequiel Pereira, Sreeram KL, Sivanesh Ashok and more. Thrilled that my report was featured in init.g and used to inspire students. That's truly rewarding.

This finally launched! Rewarding (indirect) prompt injection issues which demonstrate security impact is tricky. We decided to go with rogue actions and exfiltration (i.e. focusing on exploitation instead of prompt injection). Looking forward to creative bugs!!

Microsoft just open sourced a Rust implementation of UEFI boot firmware called "Patina" this is a MASSIVE step forward in improving boot security for all. Exciting!!! github.com/openDevicePart…

Some unfinished research by Callum and me that was finally finished and submitted. Thank you Kristian & Grafana ! This was truly patched and rewarded with the speed of light. cve.org/cverecord?id=C…

oh shiiittttttt

We’re hiring offensive security researchers Apple SEAR! We’re looking for skilled researchers across multiple security domains. Learn more and apply here: jobs.apple.com/en-us/details/… If you’re into low level systems like firmware, RTOS, coprocessors, embedded components, or

New Google VRP writeup "Hacking Gemini: A Multi-Layered Approach" for a bounty of $20,000 by Valentino Massaro: buganizer.cc/hacking-gemini…

Only 14 days left to submit your exploit to ZeroDay Cloud! ⌛️ We have also set up a Slack community for researchers who plan to participate or simply attend the event - DM me for the invite link Good luck to all participants!

Only 3 days left to submit your exploits to ZeroDay Cloud! ⏳ We are blown away by the submissions we've received so far. Curious to see which other targets get popped in the final stretch... 👀