⚠️ @RSF_inter has uncovered a previously unknown #spyware tool used by the State Security Committee (KGB) of 🇧🇾Belarus to target, among others, journalists and media workers. https://t.co/Khpio9TA2C

We launched a redesigned Project Zero website today at https://t.co/Prd8nehY7q ! To mark the occasion, we released some older posts that never quite made it out of drafts. Enjoy!

Millions of Americans pay into Medicare their whole lives. When they reach retirement, they expect it to be there for them. If Congress doesn’t act soon, Medicare’s promise may be broken. Learn what’s at stake and how you can help protect access to care for all. 👇

Adobe DNG SDK: areaSpec overlap miscalculation lead to integer overflow, leading to OOB read/write

This issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-43529 is a WebKit use-after-free remote code execution flaw that can be exploited by processing maliciously crafted web

An analysis of a recent 0-click exploit targeting Samsung devices: https://t.co/ChQTJY16QJ

Our playbook for executing as an AI-first company: - AI principles that come before deployment - Governance that accelerates, not slows down - 2x2 framework for choosing the right bets - Three-tier value lens: productivity → automation → net-new work Read more.

🚨 A huge leak exposes the new targets and internal operations of Intellexa, the secretive and murky company behind the notorious Predator spyware. Introducing #IntellexaLeaks, a joint investigation with partners @insidestory_gr, @haaretzcom & WAV Research Collective 🧵👇

We derestricted a number of vulnerabilities found by Big Sleep in JavaScriptCore today: https://t.co/mKSWXXWmXG All of them were fixed in the iOS 26.1 (and equivalent) update last month. Definitely some cool bugs in there!

All my recent activity wasn't for nothing...I'm pleased to announce that I'll be speaking at @DistrictCon with @natashenka about a 0-click to kernel exploit chain for the Pixel 9 in January!

Samsung: QuramDng getOverlap miscalculation leads to integer overflow, leading to out-of-bounds read/write

= Pink

woah...Exploited ITW (CVE-2025-10585)[445380761][compiler][maglev]Type Confusion https://t.co/hDTfgo0aPt https://t.co/g51IHemMKc https://t.co/iphJnonX6e Reported by Google TAG

We’re thrilled to announce Donncha Ó Cearbhaill (@DonnchaC) as our keynote speaker for HEXACON 2025! 💥 No doubt he has plenty of juicy stories up his sleeve 👾

If you've been keeping track on the Big Sleep bug tracker at https://t.co/TeYPpUANyW you might have noticed it lists more bugs now compared to last week. Including a "High impact issue in V8" :)

Exploited ITW (CVE-2025-6558)[427162086]Incorrect validation of untrusted input(transform feedback buffer modification) https://t.co/K7R3nSiQj9 https://t.co/DmvKa9nErk Reported by Clément Lecigne(@_clem1) and Vlad Stolyarov(@vladhiewsha)

HOT CHOCOLATE CEREAL that actually tastes like a packet of hot chocolate I don’t know how we did it but it’s incredible

Leak hole PoC for Chrome in-the-wild vulnerability CVE-2025-6554 published yesterday: https://t.co/BYk7k8FAxL

After 6 months of responsible disclosure, proud to announce our team discovered 13 (mostly exploitable) vulnerabilities in Samsung Exynos processors! Kudos to @st424204, @n0psledbyte, @Peterpan980927 & @rainbowpigeon_ CVE-2025-23095 to CVE-2025-23107 📍

Qualcomm June 2025 Security Bulletin https://t.co/pD7SaUzvR9 "There are indications from Google TAG that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation"

This Video Can Exploit Your iPhone (CVE-2025-31200) https://t.co/sz8Skjxl9c

🍏iOS 18.4.1 dropped fixing a CoreAudio memory corruption and PAC bypass stating “that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.” https://t.co/2cQFQM6rGF

I found 2 UAF bugs in libxslt with Jackalope, let's find more together! The harness is now included in examples (link below). This also serves as a demo for two not very commonly used modes in Jackalope: grammar mutational fuzzing and sanitizer coverage.

🚨 UPDATE YOUR DEVICES 🚨: Amnesty International uncovers sophisticated zero-day exploit affecting billions of Android devices. Cellebrite's Linux USB exploit was used to unlock the phone of a Serbian youth activist, targeted in December 2024 **after** previous reports abuses