Did you know that most modern passports are actually embedded devices containing an entire filesystem, access controls, and support for several cryptographic protocols? Such passports display a small …
Homepage-Fragments
The Trail of Bits cryptography team is releasing our open-source pure Go implementations of ML-DSA (FIPS-204) and SLH-DSA (FIPS-205) , two NIST-standardized post-quantum signature algorithms. These …
Since its original release in 2009, checksec has become widely used in the software security community, proving useful in CTF challenges, security posturing, and general binary analysis. The tool …
TL;DR The root cause of the hack was a rounding direction issue that had been present in the code for many years. When the bug was first introduced, the threat landscape of the blockchain ecosystem …
We’re releasing Slither-MCP , a new tool that augments LLMs with Slither’s unmatched static analysis engine. Slither-MCP benefits virtually every use case for LLMs by exposing Slither’s static …
Breadcrumb Technology Developers Build with Nano Banana Pro, our Gemini 3 Pro Image model Share x.com Facebook LinkedIn …
In a breakthrough powered by AlphaFold, scientists have mapped the structure of the large protein that gives âbad cholesterolâ its form â a discovery that could help transform how researchers …
At Google, we’ve long invested in ways to provide you with helpful context about information you see online. Now, as generative media becomes increasingly prevalent and high-fidelity, we are deploying …
Increasing speed of discovery Cyril Zipfel, professor of Molecular & Cellular Plant Physiology at the University of Zurich and Sainsbury Lab, saw research timelines shrink drastically. They used …
Trail of Bits is publicly disclosing two vulnerabilities in elliptic , a widely used JavaScript library for elliptic curve cryptography that is downloaded over 10 million times weekly and is used by …
Posted by Mateusz Jurczyk, Google Project Zero Welcome back to the Windows Registry Adventure! In the previous installment of the series , we took a deep look into the internals of the regf hive …
Trail of Bits has developed constant-time coding support for LLVM , providing developers with compiler-level guarantees that their cryptographic implementations remain secure against branching-related …
Guest post by Dillon Franke, Senior Security Engineer , 20% time on Project Zero Every second, highly-privileged MacOS system daemons accept and process hundreds of IPC messages. In some cases, these …
Scientists are using AlphaFold in their research to strengthen an enzyme thatâs vital to photosynthesis, paving the way for more heat-tolerant crops. As global warming accompanies more droughts and …
ai-research
EN
Strengthening our partnership with the UK government to support prosperity and security in the AI era
AI presents an opportunity to build a more prosperous and secure world. The UK has already laid a strong foundation to seize this moment and is uniquely positioned to translate AI innovation into …
ai-research
EN
FACTS Benchmark Suite: Systematically evaluating the factuality of large language models
Large language models (LLMs) are increasingly becoming a primary source for information delivery across diverse use cases, so itâs important that their responses are factually accurate. In order to …
Today, we’re announcing an expanded partnership with the UK AI Security Institute (AISI) through a new Memorandum of Understanding focused on foundational security and safety research, to help …
Posted by Mateusz Jurczyk, Google Project Zero In the first three blog posts of this series, I sought to outline what the Windows Registry actually is, its role, history, and where to find further …
Posted by Mateusz Jurczyk, Google Project Zero In the previous blog post , we focused on the general security analysis of the registry and how to effectively approach finding vulnerabilities in it. …
Posted by Tim Willis, Google Project Zero In 2021, we updated our vulnerability disclosure policy to the current “90+30” model. Our goals were to drive faster yet thorough patch …
Posted by Jann Horn, Google Project Zero Introduction In early June, I was reviewing a new Linux kernel feature when I learned about the MSG_OOB feature supported by stream-oriented UNIX domain …
Introduction Some time in 2024, during a Project Zero team discussion, we were talking about how remote ASLR leaks would be helpful or necessary for exploiting some types of memory corruption bugs, …
Let’s say an environmental scientist is studying whether exposure to air pollution is associated with lower birth weights in a particular county. They might train a machine-learning model to estimate …
Microsoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being …
Introduction I’ve recently been researching Pixel kernel exploitation and as part of this research I found myself with an excellent arbitrary write primitive…but without a KASLR leak. As …