Gianluca Varisco
@gvarisco
Followers: 4K
Following: 27K
Media: 385
Statuses: 10K
I work at @Google on @googlecloud. Formerly @arduino, @ITdigitalteam, @RocketBerlin, @RedHat. Tweets are my own.
Paris, France
Joined March 2007
Following last week's provisional agreement between @EUCouncil and @Europarl_EN on the NIS Directive revision (#NIS2), I'm thrilled to report that it will provide guidance for EU countries to implement a national Coordinated Vulnerability Disclosure (CVD) policy. A thread 🧵👇
What we need is one company form, one registry, one market. Not 27 flavours of the same headache. Let’s get it done! #EUINC
https://t.co/jddp3lUKT0
“The hacker spirit guides us through situations once thought hopeless. Hacking is a way to answer your own burning questions, a way to discover your own potential, and a way to create a world you want to live in.” ❤️
At long last - Phrack 72 has been released online for your reading pleasure! Check it out: https://t.co/R0PKIifRDA
Today as part of our commitment to transparency in this space, we are proud to announce that we have reported the first 20 vulnerabilities discovered using our AI-based "Big Sleep" system powered by Gemini —
We released our Fuzzilli-based V8 Sandbox fuzzer: https://t.co/eVkR1bl76n It explores the heap to find interesting objects and corrupts them in a deterministic way using V8's memory corruption API. Happy fuzzing!
github.com
This is a basic fuzzer for the V8 Sandbox. It uses the memory corruption API to implement a random-but-deterministic (given a seed) traversal through the V8 heap object graph and corrupts some obje...
Microsoft is aware of active attacks targeting on-premises SharePoint Server customers, exploiting a variant of CVE-2025-49706. This vulnerability has been assigned CVE-2025-53770. We have outlined mitigations and detections in our blog. Our team is working urgently to release
microsoft.com
As for my next steps, it's a crazy world out there, so we'll see! One thing is certain: there is so much to build. I'm looking forward to discovering what the next adventure brings and contributing to what comes next.
Getting the chance to work alongside many of the people across @Google, @GoogleCloudSec, @Mandiant, @GoogleDeepMind that I considered childhood heroes has been a particular highlight, and it's an incredible opportunity I definitely won't take for granted. I'll miss you all.
What I've valued most, however, are the people. Thank you all for being such fantastic colleagues – for the support, the laughs, the teamwork, and the shared learning experiences.
After five rewarding years here at @Google, I've decided it's time for me to move on. I am incredibly grateful for the opportunities I've been given during my time here. I've learned a great deal, worked on challenging and exciting projects, and truly valued the experience.
Perhaps the best April Fools' joke ever to appear in Italy. Back in 2018 😢 cc: @diegopia
Here are the new guidelines for the use of #fax in the Public Administration. Starting today, with #CryptofaxPA the most modern technologies such as #Blockchain and #IntelligenzaArtificiale will be integrated with public-administration faxes to make interaction with citizens easier https://t.co/07SI4AVYvV
Developers, tired of DOM XSS in your web applications? 😩 We were too. See how we refactored our code to solve Trusted Types violations in Gmail & AppSheet. Your guide to a safer web is here! https://t.co/jywuZicT2N
bughunters.google.com
Join us as we take a closer look at the technical details of how we identified the root causes for TT violations in two flagship rollouts: Gmail and AppSheet.
❌ Eliminating almost all exploitable web vulnerabilities? This blog post covers how the Google security team implemented a high-assurance web framework to achieve this goal for its services, and what this framework's most important characteristics are. https://t.co/dohOwvCOtz
bughunters.google.com
Learn more about how Google has created and deployed a high-assurance web framework that almost completely eliminates exploitable web vulnerabilities.
Two new posts from @tiraniddo today: https://t.co/StB2knG8FO on reviving a memory trapping primitive from his 2021 post. https://t.co/sbKodaJMe9 where he shares a bug class and demonstrates how you can get a COM object trapped in a more privileged process. Happy Reading! 📚
🛡️Want to help make the open source world safer and earn up to $45k 💰? We've revamped our Patch Rewards Program, extending its scope and increasing rewards for security patches – with a particular focus on memory safety, including bonus multipliers! https://t.co/pUiYgTRdsA
bughunters.google.com
This blog post takes you through everything you need to know about the Patch Rewards Program, including our newly introduced focus on memory safety (including reward multipliers!), recently increased...
Today, we announced the official release of OSV-SCALIBR, Google's software composition analysis library. If you are working in vuln management / security scanning, SCALIBR is for you! SCALIBR is powering most of Google's vuln scanning. Please RT https://t.co/Xk95hlSQwd
security.googleblog.com
Posted by Erik Varga, Vulnerability Management, and Rex Pan, Open Source Security Team. In December 2022, we announced OSV-Scanner, a tool t...
🚨 New: Zero-day vulnerability CVE-2025-0282 in Ivanti Connect Secure VPN is being actively exploited, including by suspected 🇨🇳 China-nexus cyber espionage groups. Our team at @Mandiant in partnership with Ivanti just published our initial findings. 🧵 https://t.co/LEgoZhYjua
cloud.google.com
Zero-day exploitation of Ivanti Connect Secure VPN vulnerabilities since as far back as December 2024.
#Ivanti released security updates to address CVE-2025-0282—being actively exploited—and CVE-2025-0283, affecting Connect Secure, Policy Secure, and ZTA Gateways. See our Alert for mitigation guidance to help reduce your exposure: https://t.co/7aNpk5oh73
Introducing InternetCTF! 🤯 Earn up to $10,000 for finding RCE vulnerabilities in open-source software AND creating Tsunami plugin patches. Make the internet safer and get rewarded! 🤑 For details on the program, see our latest blog post: https://t.co/kKqWjJTBO3
bughunters.google.com
The InternetCTF offers a total reward of up to $10,000 to bug hunters who not only discover novel code execution vulnerabilities in Open Source Software, but also provide Tsunami plugin patches for...
Can you believe it's already been one year of generative AI bug bounties at Alphabet 🥳? Besides awarding over $50k for 140+ reports, we also received plenty of feedback (thanks 👏 !). Our blog post looks back and at where we're headed in the future. https://t.co/YU10KQXlE7
bughunters.google.com
This blog discusses what one year of AI bug bounties has taught us and where we're planning to go from here.