Someone's really having a lot of fun with DNG. Another (!) DNG vuln patched in 2025-10 Samsung update. Google TAG assesses surveillance vendors may have been aware of this vuln (though not presently clear if deployed ITW or not) project-zero.issues.chromium…

Double Kill 🤪 Mozilla team working on the patch, we developing the exploit, no drama needed 😎

Dave Aitel says Google BigSleep AI has the wrong technological take. "I just don't think fuzzing is part of the picture right now. I think reasoning is part of the picture." @daveaitel @craiu @juanandres_gs

has nothing todo with p0 actually imo, their ( justified) angriness because of their voluntary time being exploited by bigcorp, and now they forced to fix the nonsense issue reported by bigcorp AI, but nevertheless, this particular issue P0 reported seems influenced by some KPI for BigSleep i guess.

Although the target might not be as impactful as some others we ran against, these bugs in QuickJS are some of my favorite Big Sleep finds, because they demonstrate the ability of LLMs to reason about and detect classic JavaScript engine vulnerabilities. issuetracker.google.com/save…

I believe in this case either the target program was a fuzzing harness, or the report was adapted to an existing fuzzing harness to make it easier for maintainers to reproduce.