I'm so happy for winning the 2nd place at the last Google's LHE, it was really fun. Congrats to @0xLupin @Rhynorater @monkehack @rez0__ for the MVH!

great analogies and conceptualization of client-side attacks

It's a great discussion!

We helped secure @perplexity_ai's comet browser from a critical vulnerability that could let attackers hijack the agent to exfiltrate local files, read emails, and bypass SOP. Read the full blog: https://t.co/Tj3gCOuDxE

❤️

Nice way to keep up with the latest security research :)

@ctbbpodcast A+ podcast. When I get a new episode: let's watch it, I will learn something new. When I feel demotivated: I watch the podcast -> find bugs When I want to push myself to learn things I don't know: watch an episode about things I might not understand at first.

Hitachi Systems Security Journal Vol.73が公開されました。 今回は、昨年のCODE BLUEで“Edge Copilot”の脆弱性に関する研究発表を行った小勝純氏のインタビューをお届けします。

יש כמה סיפורים מעניינים בדרך, אין מספיק זמן לשתף הכל. אמלק: באג האנטר הצליח לעבוד על ג׳מיני של גוגל, לגרום לו לשתף תמונה ובכך לעקוף את מנגנון האבטחה של ג׳ימי. בשביל להבין איך הוא עשה את זה, בואו נדבר על כמה נושאים משותפים בכל הצ׳אטים האלה ומה ההשלכות של דבר כזה. מתחילים >>

New episode is out! - https://t.co/7VprfodxMv In episode 148, @Rhynorater gives us a crash course on Model Context Protocol. This episode is a MUST-watch!

Google's annual security conference, ESCAL8, has concluded. Check out our blog post for a detailed report 👇 Spoiler: includes bugs 🐞🪲🦗, cybersecurity education 🛡️, and a CTF 🏳️ 🏴 https://t.co/z5Fxm8oTjk

https://t.co/fEvdrPKfdC

I'm really excited to share my first research article related to hacking Google Gemini! https://t.co/e7GcJuGLCb #bugSWAT #GoogleVRP

We’re excited to see the security and OSS communities engage on vulnerability disclosure in light of new AI technologies that we believe will enable both defenders and attackers alike. Existing and emerging norms around disclosure are important debates, and we’ve noted the

Combination of side channels (i.e. ability to leak boolean data) with prompt injection is powerful. Unlike other side channel exploits, you get to define `if` condition with prompt injection. While it only leaks true/false, you get to ask anything you want from the context.

When I say this is a crazy episode of CTBB...

bugs

Episode 144 is out! - https://t.co/xwfIUXcvmO In this episode, rez0 brings Monke and Busfactor to discuss their success at the recent Google LHE in Mexico, as well as their journey and routines in full-time hacking.

📢 Exciting News! ESCAL8 and init.g() 2025 are heading to Mexico City this October! 🇲🇽 Find out more about the learning, knowledge sharing, and hacking activities at ESCAL8, and join us for a recap of ESCAL8 2024. https://t.co/IOWje1Bpym

The inaugural Cloud VRP ☁️ bugSWAT event was a record-setter 🏆: With 91 identified vulnerabilities resulting in ~$1.6 million in rewards, the event underscored the value of collaboration with external security researchers. https://t.co/tnBpvRnkFM

How would you grow your coding skills if you were too focused on breaking stuff? (coding software to break stuff?)