woah...Exploited ITW (CVE-2025-10585)[445380761][compiler][maglev]Type Confusion https://t.co/hDTfgo0aPt https://t.co/g51IHemMKc https://t.co/iphJnonX6e Reported by Google TAG

We’re thrilled to announce Donncha Ó Cearbhaill (@DonnchaC) as our keynote speaker for HEXACON 2025! 💥 No doubt he has plenty of juicy stories up his sleeve 👾

If you've been keeping track on the Big Sleep bug tracker at https://t.co/TeYPpUANyW you might have noticed it lists more bugs now compared to last week. Including a "High impact issue in V8" :)

Exploited ITW (CVE-2025-6558)[427162086]Incorrect validation of untrusted input(transform feedback buffer modification) https://t.co/K7R3nSiQj9 https://t.co/DmvKa9nErk Reported by Clément Lecigne(@_clem1) and Vlad Stolyarov(@vladhiewsha)

Leak hole PoC for Chrome in-the-wild vulnerability CVE-2025-6554 published yesterday: https://t.co/BYk7k8FAxL

After 6 months of responsible disclosure, proud to announce our team discovered 13 (mostly exploitable) vulnerabilities in Samsung Exynos processors! Kudos to @st424204, @n0psledbyte, @Peterpan980927 & @rainbowpigeon_ CVE-2025-23095 to CVE-2025-23107 📍

Qualcomm June 2025 Security Bulletin https://t.co/pD7SaUzvR9 "There are indications from Google TAG that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation"

This Video Can Exploit Your iPhone (CVE-2025-31200) https://t.co/sz8Skjxl9c

🍏iOS 18.4.1 dropped fixing a CoreAudio memory corruption and PAC bypass stating “that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.” https://t.co/2cQFQM6rGF

I found 2 UAF bugs in libxslt with Jackalope, let's find more together! The harness is now included in examples (link below). This also serves as a demo for two not very commonly used modes in Jackalope: grammar mutational fuzzing and sanitizer coverage.

🚨 UPDATE YOUR DEVICES 🚨: Amnesty International uncovers sophisticated zero-day exploit affecting billions of Android devices. Cellebrite's Linux USB exploit was used to unlock the phone of a Serbian youth activist, targeted in December 2024 **after** previous reports abuses

I tweeted before about the Apple CoreAudio issues found by Google TAG. Well, the fuzz harness used to find these issues is now included in Jackalope examples, see https://t.co/nlVqpetOUN . Happy fuzzing! :)

BREAKING | WhatsApp has revealed that nearly 100 journalists and civil society members were targeted by Israeli spyware company Paragon Solutions, which used a “zero-click” method to secretly infect devices. The spyware, Graphite, provides full access to compromised devices,

The latest Apple security update contains fixes for three CoreAudio issues (CVE-2025-24160, CVE-2025-24161, CVE-2025-24163). These were found by Google Threat Analysis Group using Jackalope fuzzer.

As a New Year resolution, consider applying to Project Zero :)

🚨 BREAKING: Amnesty’s latest report on digital surveillance in Serbia: new *NoviSpy* spyware discovered; zero days identified and patched; and first evidence showing use of Cellebrite UFED forensic products to unlock phones to then infect with spyware. 🧵

If you've ever wondered if one can determine a vuln from just the kernel panic logs, @__sethJenkins (feat. @tehjh & @benoitsevens) have something to share: https://t.co/6ovPlKKI46 Great to collaborate with @amnesty, find vulns and get them fixed:

Apple patches two 0days marked as exploited on Intel-based Macs. Also fixed in new iOS 18.1.1 https://t.co/OV63n0fRpD

Another big step towards becoming a security boundary: today we’re expanding the VRP for the V8 Sandbox * No longer limited to d8 * Rewards for controlled writes increased to $20k * Any memory corruption outside the sandbox now in scope https://t.co/LMTEEFZmT4 Happy hacking!

The #HEXACON2024 talks have started to trickle in on YouTube, go check them out 🔥: https://t.co/vizf0Jv8rf