HexNomad

No security feature is perfect. @tiraniddo.dev reviewed Windows’ new Administrator Protection and found several bypasses.

projectzero.google/2026/26/wind...

At the gpg.fail talk and omg #39c3

You can just put a \0 in the Hash: header and then newlines and inject text in a cleartext message.

Won’t even blame PGP here. C is unsafe at any speed.

gpg has not fixed it yet.

A look at an Android ITW DNG exploit Posted by Benoît Sevens, Google Threat Intelligence Group Introduction Between July 2024 and February 2025, 6 suspicious image files were ...

An analysis of a recent 0-click exploit targeting Samsung devices: googleprojectzero.blogspot.com/2025/12/a-lo...

We derestricted a number of vulnerabilities found by Big Sleep in JavaScriptCore today: issuetracker.google.com/issues?q=com...

All of them were fixed in the iOS 26.1 (and equivalent) update last month. Definitely some cool bugs in there!

We derestricted crbug.com/382005099 today which might just be my favorite bug of the last few years: bad interaction between WebAudio changing the CPU's handling of floats and V8 not expecting that. See crbug.com/382005099#co... for a PoC exploit. Also affected other browsers

U.S. government accuses former L3Harris cyber boss of stealing trade secrets | TechCrunch The U.S. Department of Justice accused Peter Williams, former general manager of L3Harris’ hacking division Trenchant, of stealing trade secrets and selling them to a buyer in Russia.

NEW: The U.S. govt accused Peter Williams, ex general manager of hacking tool maker L3Harris Trenchant, of stealing trade secrets and selling them to buyer in Russia.

As we reported earlier, Trenchant investigated a leak of internal tools this year. It's unclear if that investigation is related.

Exclusive: Apple alerts exploit developer that his iPhone was targeted with government spyware A developer at Trenchant, a leading Western spyware and zero-day maker, was suspected of leaking company tools and fired. Weeks later, Apple notified him that his personal iPhone was targeted with spy...

SCOOP: A man who worked on developing hacking and surveillance tools for defense contractor L3Harris Trenchant was notified by Apple that his iPhone was targeted with mercenary spyware.

The developer believes he was targeted after he was wrongly accused of leaking zero-days developed by Trenchant.

Serious bugs often occur in third-party components integrated by other software. Ivan Fratric and I found this vulnerability in the Dolby Unified Decoder. It affects Android, iOS and Windows among other platforms, sometimes 0-click.

project-zero.issues.chromium.org/issues/42807...

We now have a (draft) @metasploit-r7.bsky.social exploit module in the pull queue for the recent Microsoft SharePoint Server unauthenticated RCE zero-day (CVE-2025-53770), based on the in-the-wild exploit published a few days ago. Check it out here: github.com/rapid7/metas...

Google fixes bug that could reveal users' private phone numbers | TechCrunch The bug allowed a researcher to uncover recovery phone numbers of nearly any Google account.

New: A security researcher found a bug that revealed the private recovery phone number of almost any Google account.

TechCrunch verified the bug w/ the researcher, who quickly brute-forced the phone number of a test Google account we had set up.

The Windows Registry Adventure #8: Practical exploitation of hive memory corruption Posted by Mateusz Jurczyk, Google Project Zero In the previous blog post , we focused on the general security analysis of the registry a...

The final part of Mateusz’s Windows Registry series is live! Contains all the hive memory corruption exploitation you’ve been waiting for

googleprojectzero.blogspot.com/2025/05/the-...

Blasting Past Webp An analysis of the NSO BLASTPASS iMessage exploit Posted by Ian Beer, Google Project Zero On September 7, 2023 Apple issued  an out-...

Great write-up, as usual, from Project 0 going into even more detail on the BlastPass iOS zero click exploit from 2023: googleprojectzero.blogspot.com/2025/03/blas...

"Windows App to replace Remote Desktop app for Windows"

There's a lot of confusion about what this means, so let me clarify:

This only affects the Remote Desktop App on the *Microsoft Store*, which you most likely don't use

Most system administrators use mstsc, the Windows built-in RDP client

We will never know— we will never have the faintest idea— how much money is getting made in insider trading windfalls from people in Trump's and Musk's circles who have an hour of notice about the daily swings in tariff policy or the occasional announced *expectations* of such swings.

Ghidra 11.3 is OUT!


PyGhidra is the new feature to be excited about.

It’s a Python library providing direct access to the Ghidra API. 



I expect this to massively increase Reverse Engineering tool development, as it significantly reduces the barrier to entry for Ghidra interaction.

Musk Cronies Dive Into Treasury Dept Payments Code Base Overnight, Wired reported that, contrary to published reports that DOGE operatives at...

A 25-year-old DOGE worker named Marko Elez who has admin privileges on Treasury dept systems that control about 95% of payments made by the gov, including Social Security checks, tax refunds and contract payments "has already made extensive changes to the code base for these critical payment system"

New blog post on the abuse of the IDispatch COM interface to get unexpected objects loaded into a process. Demoed by using this to get arbitrary code execution in a PPL process. googleprojectzero.blogspot.com/2025/01/wind...

To all our Bluesky friends, feel free to follow us here as we will be posting regular updates as the conference gets closer. See you in May!

Just unrestricted an issue that shows a fun new attack surface. Android RCS locally transcribes incoming media, making vulnerabilities audio codecs now fully-remote. This bug in an obscure Samsung S24 codec is 0-click

project-zero.issues.chromium.org/issues/36869...

Around 2008 I was in Ottawa and some MoD person mentioned that only a few years ago they stopped wargaming against a US invasion, and I joked "just wait until they run out of water for their golf courses in Arizona"...

Someone is using a fake PoC for the LDAPNightmare exploit to infect researchers and threat actors with an infostealer

www.trendmicro.com/en_us/resear...

Racing round and round: The little bug that could Get the straightforward approach to bug hunting — from an IBM X-Force Red expert.

Another Chompie banger: securityintelligence...

Surfer Gabriel Media leaping from his surfboard at the top of the wave so the he appears to be floating in the air above the water, completely upright, with one arm extended above his head, holding out one finger, his surfboard trailing behind and also floating in the air

Brazil's Gabriel Medina with the best touchdown celebration I've ever seen (Photo: Jerome Brouillet/Getty)

in the 90’s, computers would scream every time you went online. that‘s called foreshadowing

Doesn't get as much attention as what Elon's doing, but every day, a team of people at Google comes to work and asks themselves, "What can we do to make search a little worse?" And they're doing a very good job.

The windows networking stack has been the source of various vulnerabilities over the years, a few of which could lead to remote code execution. This talk wil... Recon2023 Erik Egsgard HuntForRedOctober

Video of the talk I gave at Recon on hunting for bugs in the Windows TCP/IP stack is now up!

youtu.be/jzA5aLrK4OY