Memory safety bugs like use-after-free and buffer overflows remain among the most exploited vulnerability classes in production software. While AddressSanitizer (ASan) excels at catching these bugs …
AI Security Roundup
Daily feed of AI security, malware, and defensive research updates.
I recently attended the AI Engineer Code Summit in New York, an invite-only gathering of AI leaders and engineers. One theme emerged repeatedly in conversations with attendees building with AI: the …
Go’s arithmetic operations on standard integer types are silent by default, meaning overflows “wrap around” without panicking. This behavior has hidden an entire class of security vulnerabilities from …
With browser-embedded AI agents, we’re essentially starting the security journey over again. We exploited a lack of isolation mechanisms in multiple agentic browsers to perform attacks ranging from …
Software signatures carry an invisible expiration date. The container image or firmware you sign today might be deployed for 20 years, but the cryptographic signature protecting it may become …
Last year, our engineers submitted over 375 pull requests that were merged into non–Trail of Bits repositories, touching more than 90 projects from cryptography libraries to the Rust compiler. This …
Preface Hello from the future! This is a blogpost I originally drafted in early 2017. I wrote what I intended to be the first half of this post (about escaping from the VM to the VirtualBox host …
While on Project Zero, we aim for our research to be leading-edge, our blog design was … not so much. We welcome readers to our shiny new blog! For the occasion, we asked members of Project Zero to …
Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click …
With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the resulting userland context, the mediacodec …
While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our experience finding, reporting and exploiting …
A headline feature introduced in the latest release of Windows 11, 25H2 is Administrator Protection. The goal of this feature is to replace User Account Control (UAC) with a more robust and …
In the first part of this series, I detailed my journey into macOS security research, which led to the discovery of a type confusion vulnerability (CVE-2024-54529) and a double-free vulnerability ( …
In my last blog post I introduced the new Windows feature, Administrator Protection and how it aimed to create a secure boundary for UAC where one didn’t exist. I described one of the ways I was …
The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it’s time for a …
Our first story of 2026 revealed how a destructive new botnet called Kimwolf has infected more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. …
Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft’s most-dire “critical” …
A new Internet-of-Things (IoT) botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to …
iPhone Lockdown Mode Protects Washington Post Reporter 404Media is reporting that the FBI could not access a reporter’s iPhone because it had Lockdown Mode enabled: The court record shows what devices …
LLMs are Getting a Lot Better and Faster at Finding and Exploiting Zero-Days This is amazing: Opus 4.6 is notably better at finding high-severity vulnerabilities than previous models and a sign of …
I Am in the Epstein Files Once. Someone named “Vincenzo lozzo” wrote to Epstein in email, in 2016: “I wouldn’t pay too much attention to this, Schneier has a long tradition of dramatizing and …
Friday Squid Blogging: Squid Fishing Tips This is a video of advice for squid fishing in Puget Sound. As usual, you can also use this squid post to talk about the security stories in the news that I …
AI-Generated Text and the Detection Arms Race In 2023, the science fiction literary magazine Clarkesworld stopped accepting new submissions because so many were generated by artificial intelligence. …
Rewiring Democracy Ebook is on Sale I just noticed that the ebook version of Rewiring Democracy is on sale for $5 on Amazon, Apple Books, Barnes & Noble, Books A Million, Google Play, Kobo, …
Prompt Injection Via Road Signs Interesting research: “CHAI: Command Hijacking Against Embodied AI.” Abstract: Embodied Artificial Intelligence (AI) promises to handle edge cases in robotic vehicle …