The next event on the CTBB Discord starts in a few minutes: You don't want to miss this talk by nopnop, the Google BugSWAT MVH in Vegas! Check the screenshot for more details, and join us using the link below! discord.gg/yu8rcJV9?event=15…
1
15
4,053
In April 2026, we held the latest edition of bugSWAT (our live event for security researchers) in Seoul, South Korea. For more information on this edition's focus, its impact & winners, as well as bugSWAT in general, see 👇 bughunters.google.com/blog/b…
2
13
78
7,233
Valentino is insanely skilled - last year, he gave the combined team of rez0, Rhynorater, Lupin and myself a run for our money in the Tokyo Bugswat as a SOLO hacker. He doesn't hack much on HackerOne or Bugcrowd, but rest assured he is very much one of the best. Follow him!
I'm so happy to have won the MVH at the latest Google LHE (Seoul 2026). Thank you, @GoogleVRP, for the amazing event!
2
3
99
9,479
I still remember bugSWAT 2023, and it's incredible how fast time has passed.
1
3
451
Replying to @busf4ctor @rez0__
Bugswat?
3
3
261
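In Google Cloud's Looker, a critical vulnerability was discovered that allows remote command execution by exploiting a flaw in directory deletion handling together with a race condition. In addition, a misconfiguration made privilege escalation to other instances possible. Flatt Security researcher RyotaK focused on Looker's Git management feature at the bugSWAT event and found insufficient validation of the directory targeted for deletion. Under certain conditions the entire repository can be deleted, and by using a timing race during the deletion process to have a Git operation run after .git has disappeared, arbitrary commands can be executed via a crafted configuration file. Furthermore, the service account on Kubernetes had excessive permissions, and a privilege escalation allowing access to other instances in the same cluster was also confirmed. Google has fixed both issues after receiving the report. flatt.tech/research/posts/re…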
3
13
2,795
[448294721][reward: $10000] [bugSWAT] GPU process crash via WebGPU shader - wild-deref in Mesa aco::combine_instruction crbug.com/448294721

6
24
2,270
There's an Intent in the APK that pre-fills Gemini's chat input. Justin used this to build a fake captcha app where victim taps 5 times, intent fires on tap 3, tap 4 or 5 lands on the "Send" button: delivery solved, 2FA code is now in Gemini's context. SMS tool requires manual confirmation before sending = dead end. But phone tool doesn't. But a raw call leaks nothing except that the call happened. So how can we encode data inside audio? We needed a way to exfiltrate that data. The answer was using dial strings, appending tones directly to the number Gemini dials so they play on the receiver's end. Gemini accepts this syntax, read the code via notifications, encode it into a dial string, call the attacker. Attacker records the tones and decodes them. We reported this at Google Bugswat Tokyo and got over 9K USD with the $1337 bonus for "Most Creative Bug". Read the full writeup here: blog.starstrike.ai/posts/pho…
3
24
2,037
At Google's Bugswat Live Hacking Event last year, researchers collabing with @StarstrikeAI uncovered an exfiltration vulnerability in Google Gemini by using it to read 2FA codes via notifications, and then exfiltrate those with encoded DTMF codes via a phone call. This allowed an attacker to extract the 2FA codes of victims by decoding the audio of the tones. The full team involved includes @monkehack, @busf4ctor, @rez0__, @Rhynorater, and @0xLupin. Full write-up 👇 blog.starstrike.ai/posts/pho… #BugBounty
6
52
3,463
Or Yair, SafeBreach Researcher, is making us proud once again. Our SafeBreach Researcher has been invited by Google to take part in bugSWAT, an exclusive live vulnerability research event in Seoul. Well deserved—congrats, Or! hubs.ly/Q042cCrY0
3
134
I'm really excited to share my first research article related to hacking Google Gemini! buganizer.cc/hacking-gemini-… #bugSWAT #GoogleVRP
9
104
487
65,861
🐵 MonkeHacks #79 HackAIcon, Mexico Bugswat, No Cat (Yet) #bugbountytips #hacktheplanet #BugBounty monke.ie/p/monkehacks-79

2
33
5,174
5 Oct 2025
Wrapping up an amazing time at Google #bugSWAT Mexico 2025. It was a privilege meeting so many brilliant people including @epereiralopez, @kl_sree, @sivaneshashok and more. Thrilled that my report was featured in init.g and used to inspire students. That's truly rewarding.
10
6
71
13,351
@busf4ctor and I took home 2nd place and Best AI VRP Researcher(s) at Google’s Mexico Bugswat LHE! Had an amazing time here, thank you to the Google Security Team!
10
5
98
8,626
Today was huge! @monkehack and I took 2nd place in the @GoogleVRP Mexico BugSwat and won Best AI VRP Researchers!
14
10
199
25,912
@GoogleVRP wrote a blog about this bugswat bughunters.google.com/blog/5…
@kl_sree and I took home MVH at Google Cloud bugSWAT in Sunnyvale 🎉 We submitted ~15 bugs, and even got to visit the Googleplex. Huge shoutout to @sudhanshur705 and @rootxharsh for their amazing contribution! Big thanks to @GoogleVRP - the best bug bounty program out there 🐞🐛
2
1
15
625
The inaugural Cloud VRP ☁️ bugSWAT event was a record-setter 🏆: With 91 identified vulnerabilities resulting in ~$1.6 million in rewards, the event underscored the value of collaboration with external security researchers. bughunters.google.com/blog/5…
1
19
104
14,601
12 Aug 2025
Don’t post here much, but this one’s worth it. Managed to win the MVH award at the @GoogleVRP 0x0g bugSWAT event in Vegas 🤩
7
5
92
10,137
Still can't quite believe that one of my reports won the most creative category award at recent @GoogleVRP bugSWAT LHE! 🎉 Can't disclose the details yet but I'll surely cover the entire attack scenario in a dedicated writeup.
6
3
93
4,073