Joined June 2011
Pinned Tweet
Try out the early alpha of Process Isolation in Chrome 138. chrome://flags/#enable-process-isolation-ui then chrome://settings/system for the switch. Read known issues issues.chromium.org/issues?q… and report bugs! Especially interested in App-Compat bugs.

Will Harris retweeted
pwn2own has always been a great datapoint for how hard it is to find vulns, what exploit mitigations are working, new exploitation techniques, and now how AI works on offensive security.
this year's pwn2own isn't just interesting because there will be lots of entries with AI human. it is also interesting because a) anthropic burned a ton of tokens on firefox, basically running claude in a loop until it found something for a month, probably exhausting whatever claude can one shot. b) if someone submits full chain without much use of ai, it tells you one shotting plateaus and these models are bit like fuzzers than seasoned security researchers. c) even if they used an llm to find the bug, this tells us scaffolding/harness design, prompting, and the operator matters a lot.
Will Harris retweeted
This young man Manchester Madgwick seems to know everything. What a mind. Bravo 👏🏻 #UniversityChallenge
Great advice from @AnthropicAI on prep for accelerated AI vulnerability discovery, including what to do if you don’t have a dedicated security team, if you’re reporting bugs you found, or are an open source maintainer. /ht @_decius_ for sending the link claude.com/blog/preparing-yo…
Will Harris retweeted
The window between vulnerability disclosure and real-world exploitation keeps shrinking. The Zero Day Clock visualizes how fast attackers are operationalizing new CVEs. What used to take months now often happens in days, or hours. The future needs to be Secure by Design. zerodayclock.com #AppSec #CyberSecurity
Someone finally made a proper video on the xz backdoor. It’s missing a lot of the story, that I hope gets told someday, but still worth a watch.
The Internet Was Weeks Away From Disaster and No One Knew
Will Harris retweeted
24 Dec 2025
Interesting. Microsoft Edge now finally switched on App-bound encryption for their passwords. At least for me now on Version 144.0.3719.35. Last test on Version 142.0.3595.53 this wasn't the case.
Will Harris retweeted
We launched a redesigned Project Zero website today at projectzero.google ! To mark the occasion, we released some older posts that never quite made it out of drafts. Enjoy!
Will Harris retweeted
24 Oct 2025
[POC2025] SPEAKER UPDATE 👤 Samuel Groß(@5aelo) - "JavaScript Engine Security in 2025: New Bugs, New Defenses" #POC2025
Can't believe Celebrity Traitors missed the golden chance to have a good game of Carrot in a Box there.
Will Harris retweeted
9 Sep 2025
🔺iPhone models announced today include Memory Integrity Enforcement, the culmination of an unprecedented design and engineering effort that we believe represents the most significant upgrade to memory safety in the history of consumer operating systems. security.apple.com/blog/memo…
That moment when you think you're going to a European policy talk and the speaker is explaining encrypted firmware. #defcon
Infostealers are using UAC bypasses to try and bypass Chrome's App-Bound Encryption so I'm really excited to see Administrator Protection ship and break all these attackers :) 🔥
Will Harris retweeted
Hey @espn can you please get a sound engineer on the case in Minnesota? The choppy audio is making the #VegasBorn vs. #mnwild game incredibly brutal to watch. #StanleyCupPlayoffs @NHL
Will Harris retweeted
Chrome 136 now has enhanced cookie security 🍪 → goo.gle/3DMf5SS Changes to remote debugging switches protect your data. Find out how the --remote-debugging-port and --remote-debugging-pipe switches are now being handled.
Will Harris retweeted
25 Mar 2025
V8 Security is hiring in Warsaw! If you want to work on improving our JavaScript and Wasm fuzzers, check out the links below!
Will Harris retweeted
Show us the split times and the gap between each driver @ESPNF1 @F1 @espn
Will Harris retweeted
4 Mar 2025
Two stories published Friday reporting that Trump admin had ordered US Cyber Command and CISA to "stand down" on their work to detect/counter Russian cyber threats. But new info has come out to contradict them. I dug into what we know and don't know. zetter-zeroday.com/did-trump…
Hi @susie_dent Players on the Traitors frequently use "yourself" instead of "you" at the round table when referring to other players. Is that usage correct? E.g. "I am going to vote for yourself".
Will Harris retweeted
Microsoft's Threat-Intelligence ETW provider now supports events to identify token impersonation attacks. I wrote a blog on these events and how Microsoft is surfacing them: jsecurity101.medium.com/behi…