Ivan Fratric
@ifsecure
Security researcher at Google Project Zero. Author: Jackalope, TinyInst, WinAFL, Domato. PhD. Tweets are my own. Backup @[email protected]
Joined August 2011
The slides for my Black Hat talk "XMPP Stanza Smuggling or How I Hacked Zoom" are now available at
I am the main developer fixing security issues in FFmpeg. I have fixed over 2700 Google OSS-Fuzz issues. I have fixed most of the BIGSLEEP issues. And I disagree with the comments @ffmpeg (Kieran) has made about Google. From all companies, Google has been the most helpful & nice
Great news for browser security (and not just because it cites my XSLT research :)). A lot of younger folks don't even know this feature exists, yet is/was the default attack surface in all major web browsers with a history of exploitation.
developer.chrome.com
Prepare for Chrome deprecating and removing XSLT from the browser.
New Project Zero blog post, Defeating KASLR by Doing Nothing at All
We really should be talking about this more....KASLR is just not working properly on Android right now, and it hasn't for a long time. https://t.co/AE0vBXEcob
We derestricted https://t.co/DvAkrs21i4 today which might just be my favorite bug of the last few years: bad interaction between WebAudio changing the CPU's handling of floats and V8 not expecting that. See https://t.co/ovkSmnegNP for a PoC exploit. Also affected other browsers
Also not a bad primer for what can go wrong when implementing a JavaScript engine.
Although the target might not be as impactful as some others we ran against, these bugs in QuickJS are some of my favorite Big Sleep finds, because they demonstrate the ability of LLMs to reason about and detect classic JavaScript engine vulnerabilities.
"I have [...] extreme fear because once things hit this level, you never know what's going to happen". Well I guess now he knows how his victims feel.
SCOOP: A man who worked on developing hacking tools for defense contractor L3Harris Trenchant was notified by Apple that his iPhone was targeted with spyware. It's unclear who targeted him, but he believes he was the scapegoat of a leak investigation. https://t.co/dWAhfdE6Tw
A fun fact about this bug is that we only had an (entirely internally imposed) ~ 8 hour deadline to find it. Looking forward to sharing more info about it.
Serious bugs often occur in third-party components integrated by other software. @ifsecure and I found this vulnerability in the Dolby Unified Decoder. It affects Android, iOS and Windows among other platforms, sometimes 0-click. https://t.co/LchMIdKP0P
A bit slow going, but the next Explorer (for point cloud diffusion) is coming along. Hoping to have it available in game in the next month or so.
Really excited to finally announce CodeMender! As part of this we've already submitted and upstreamed several patches to OSS projects via OSS-Fuzz. Check out our post at: https://t.co/qgnroQyIzN There will be more technical details and exciting announcements to come!
deepmind.google
Using advanced AI to fix critical software vulnerabilities
I reported an arbitrary code execution in Unity Runtime, which affects all versions starting from Unity 2017.1. As the vulnerability can be exploited without specific usage, I strongly encourage developers to patch. Technical details below: https://t.co/af3d28rXw3
flatt.tech
Introduction Hello, I'm RyotaK (@ryotkak ), a security engineer at GMO Flatt Security Inc. In May 2025, I participated in the Meta Bug Bounty Researcher Conference 2025. During this event, I discov...
A new Project Zero blogpost by @tehjh in which he writes about an interesting and little-known bug class that affected web browsers, Linux and, most recently, macOS. The bug class can also be used for leaking pointer tag information in some scenarios.
Super cool potential ASLR leak via dictionary hashing by @tehjh!
In isolation, https://t.co/1VJ5mFZvXA and https://t.co/Wny1SlskAC might not appear very critical. However, together they mean KASLR on Pixel is broken :(. Both of these issues have been declared "working as intended" by the respective vendors :(
Oh also this, which is technically WAI but has the unfortunate side effect (because of linear map non-randomization) that instead of bypassing KASLR, you can just use 0xffffff8000010000 as your kernel base instead.... https://t.co/JXMIquQ14s
I've derestricted 3 unfixed issues in the Google BigWave driver - these bugs are reachable from media decoding contexts on Pixel devices. E.g. https://t.co/KxgeHA6hdw
iPhone models announced today include Memory Integrity Enforcement, the culmination of an unprecedented design and engineering effort that we believe represents the most significant upgrade to memory safety in the history of consumer operating systems.
security.apple.com
Memory Integrity Enforcement (MIE) is the culmination of an unprecedented design and engineering effort spanning half a decade that combines the unique strengths of Apple silicon hardware with our...
https://t.co/TeYPpUANyW now with even more bugs. Also great to see the first ones getting fixed, including in v8, ANGLE and imagemagick.