NEW: Polish Government has begun notifying #Pegasus spyware targets.

Remarkable to see the accountability from the new gov.

Unthinkable back in 2021 when we Citizen Lab began confirming abuses in #Poland
tvpworld.com/76811115/polan…

Big day for the V8 Sandbox:
* Now included in the Chrome VRP: g.co/chrome/vrp/#v8…
* Motivation & goals discussed in a new technical blog post: v8.dev/blog/sandbox

If there is ever a Sandbox 'beta' release, this is it!

🪲And the 2023 Year in Review of Zero-Days Exploited In-the-Wild is out!

This year I teamed up with Jared Semrau & James from Mandiant to write a joint report combining our expertise and providing a more holistic view on in-the-wild 0-days in 2023 🔥🧐

blog.google/technology/saf…

I've audited the Android kernel in late 2023, and reported 10+ kernel bugs to Google, along with 2 exploits. Today, I'm releasing the first exploit, targeting the Mali GPU on Pixel devices, accessible from an untrusted_app context.
github.com/0x36/Pixel_GPU…

Lazarus is back with a new variant of their infamous FudModule rootkit!

Ditching their old BYOVD techniques, Lazarus upgraded to exploiting a much stealthier admin-to-kernel zero-day for CVE-2024-21338 (addressed in the February Patch Tuesday update).

decoded.avast.io/janvojtesek/la…

NEW: Spyware maker Variston has lost staff and is shutting down, according to former employees and sources close to the surveillance industry.

The company’s apparent demise came after Google “burned” Variston's name publicly, exposing its hacking tools.

techcrunch.com/2024/02/15/var…

The report documents some of the lesser known players such as Cy4Gate and RCS, with a deep dive into their exploits.

We don’t know where they acquire their exploits, but Google suggests Cy4Gate has access to multiple exploit frameworks named “YodaRoot” and “DF1” 🤔

We're naming names 🔥 because the harm is not hypothetical.

Today we share 'Buying Spying', our new report diving into the commercial surveillance/spyware industry. We dive into the players, the campaigns, the spyware, & the harm it perpetuates.

blog.google/threat-analysi…

There's also lots of goodies that we've never released before like:

👀 That Chrome 0-day (CVE-2023-7024) clem1 discovered in Dec? NSO Group
🤔 Which vendor gets caught the most
🕐 In April, it took Intellexa 45 days to come back after their Chrome 0days were caught & patched

Announcing the latest report from Threat Analysis Group documents the rise of commercial surveillance vendors and the industry that threatens free speech, the free press and the open internet

blog.google/threat-analysi…

Some highlights below. 🧵

Exploit for CVE-2022-4262. Fukin finally! Shoutout to clem1 for finding the ITW exploit. And shoutout to Samuel Groß, Jack Ren, Alisa Esage Шевченко for their RCA's and prior analysis of the vuln :). github.com/mistymntncop/C…

Narrator: M118 was not unhackable

New malware from 🇷🇺 with ❤️, COLDRIVER deploying a custom tool, SPICA, in small number of targeted campaigns. Great write up from Wesley Shields Aurora Blum and Google TAG. actor to keep an 👁️ on moving into 2024!

blog.google/threat-analysi…

🎁 New RCA up from Genwei Jiang of Mandiant FLARE on CVE-2023-36033, an EoP in Windows DWM Core Library that was patched in November!

googleprojectzero.github.io/0days-in-the-w…

💪🏼 Yesterday clem1 and Vlad Stolyarov discovered and reported a new ITW 0-day to the Chrome team. TODAY, 1 day later, Chrome has a fix out to protect users!!! Thank you, Chrome! CVE-2023-7024

chromereleases.googleblog.com/2023/12/stable…

💥New ITW 0-days discovered by clem1 and Benoît . CVE-2023-6345 in Chrome (Skia) and CVE-2023-42916 and CVE-2023-42917 in Safari. Chrome bug patched on Tuesday only 4 days after report 😍 and...

chromereleases.googleblog.com/2023/11/stable…

Google fixes Chrome zero day exploited in the wild (CVE-2023-6345) - helpnetsecurity.com/2023/11/29/cve… - Google Chrome clem1 #CyberSecurity #security #InfoSecurity #ITsecurity #CyberSecurity News #SecurityNews #vulnerability #exploit #SecurityUpdate

Zimbra 0day targeting 🇬🇷🇲🇩🇹🇳🇻🇳🇵🇰 from earlier this year - used by multiple actors! New post from Google TAGs clem1 Maddie Stone Kristen !

Mind the gap!

blog.google/threat-analysi…

🪲 New blog from me, clem1, and Kristen on the Zimbra in-the-wild 0-day, CVE-2023-37580, discovered by TAG in the summer. We discovered 4 different campaigns using the bug against organizations in Greece, Moldova, Tunisia, Vietnam, and Pakistan.

blog.google/threat-analysi…

Would you realise if java.exe spawning something dodgy was a 0-day? OG and team did, patch your on-prem SysAid instances