Google VRP (Google Bug Hunters) @GoogleVRP
We ❤️ 🐜🐞🦗🦟🦋. {echo,{{{Google,Chrome,Android,Abuse,Mobile,OSS,Cloud}Vulnerability,Patch}Reward,VulnerabilityResearchGrants}Program} bughunters.google.com Joined March 2018-
Tweets343
-
Followers42K
-
Following0
-
Likes186
Check out Tomas' post and article on hacking Google using Git integrations. One of these reports even won him Most Valuable Hacker (MVH) at Google's bugSWAT event in Vegas last year!
The written version of my BSides Riga and @bsidesvilnius talks is up: exploiting git integrations in cloud services, with four bugs I found in GCP (Looker, Dataform), including the one that won me MVH. nopnop.pro/2026/06/17/exp…
"brutecat is super talented", "luckily I'm not oncall ;)", "incredible" These are all real quotes from Googlers after seeing this blog post. Amazing work @brutecat, thank you for sharing!
Hacking Google with A.I. for $500,000 brutecat.com/r/hacking-goog…
📢 PSA for security researchers! In our latest post, we're taking a closer look at how Google Spark (which was recently launched) works, ways to approach bug hunting in Spark, and how to distinguish high-impact vulnerabilities from expected system behavior 👇 bughunters.google.com/blog/spark-rel…
📣Blast from the past📣 This post takes us back to a flaw discovered in 2010: while technology has advanced, the general story of how the flaw was detected is still a great example of effectively identifying and remediating a security issue. bughunters.google.com/blog/bit-rot-d…
📢 More on Google's approach to post-quantum cryptography 🔐 This time, we're taking a closer look at digital signatures and the complex challenges they present, and discussing the opinionated paths we are taking at Google in this space. bughunters.google.com/blog/next-with…
More on passkeys 🔐! This time we are focusing on storage options, in particular the differences between using a password manager vs. a hardware security key to store your credentials, and why you might choose one option over the other. bughunters.google.com/blog/hardware-…
In April 2026, we held the latest edition of bugSWAT (our live event for security researchers) in Seoul, South Korea. For more information on this edition's focus, its impact & winners, as well as bugSWAT in general, see 👇 bughunters.google.com/blog/bugswat-i…
📣📢 Calling all Android and Chrome bug hunters 🧑💻🔎! We're updating our Android & Chrome VRP programs to ensure we can continue to reward the most challenging and impactful vulnerabilities researchers find in our products. For details, 👇 bughunters.google.com/blog/evolving-…
Our Google Cloud VRP researchers don't want to miss this! 🔥 Check out Omer's (@omer_asfu) cross-tenant bucket squatting research.
I achieved a cross-tenant #RCE in #GoogleCloud simply by abusing predictable bucket names. 🪣 In my latest research for @FocalSecurity, I look into "Bucket Squatting" - a cross-tenant attack that landed me 3 critical vulnerabilities in GCP. Here is how it works:
📢📢📢 Attention bug hunters! The Google VRP is updating its reward model, with a focus on the impact of vulnerabilities and the sensitivity of the data involved. To this end, we're introducing two dimensions: Information Tiers and Action Criticality. 👀👇 bughunters.google.com/blog/standardi…
Ever wondered how passkeys 🔐 work, and how they improve on classic passwords 🔤? For more details, see our latest post, and you'll also learn what makes passkeys particularly resistant against phishing 🐟. bughunters.google.com/blog/passkeys-…
📢 Open source security researchers, take note: we've updated the OSS VRP rules! We're emphasizing the need for actionable reports and verifiable reproduction steps – to allow us to focus on critical threats with real-world impact. For more details 👇 bughunters.google.com/blog/ossvrp-ru…
GCP VRP Secrets? 🤫 Hear from the program leads! Michael Cote (linkedin.com/in/michaelpatr…) & Darby Hopkins (linkedin.com/in/darbyhopkins) join @ctbbpodcast to talk shop: killer report tips, program insights & boosting your bounty game on Google Cloud. 🎧 youtu.be/7u6xpVhEpBA #GoogleVRP #BugBounty #CloudSecurity #GCP
Our Google Cloud VRP researchers don't miss! 🔥 Check out @terminatorLM's latest Looker research uncovering 9 novel cross-tenant vulns in Looker. See how it was done: 👇
🫣LeakyLooker: 1 Cross-tenant vulnerability? How about 9? (1/10)🧵 I’m incredibly proud to share LeakyLooker. I discovered 9 novel cross-tenant vulnerabilities in Google Cloud’s Looker Studio that broke fundamental design assumptions. Here is how I broke tenant isolation: 👇
📣📣📣 Hot off the press: 2025 highlights of Google's vulnerability reward programs! Notably, we awarded an all-time high of over $17 million in rewards 💰 and kicked off the dedicated AI VRP 🤖. Thank you to our incredible bug hunting community 🧑💻🧑💻🧑💻!!! bughunters.google.com/blog/google-vr…
📢 Interested in AI and agent security at Google🛡️? This post looks at how we mitigated the risk of URL-based data exfiltration through provenance checks and sanitization – effectively blocking a prompt injection-based exploitation vector. bughunters.google.com/blog/mitigatin…
Offline authentication on Android 🤖 🔒? Find out how the FIDO alliances's Hybrid transport architecture was expanded to support this crucial scenario, and how this increases reliability and unlocks many new use cases. bughunters.google.com/blog/hybrid-tr…
Next up in our series on Android and authentication 🤖 🔒: Learn how the FIDO Alliance's Hybrid protocol has been expanded beyond CTAP messages to also support generic JSON, and which new use cases this extended approach enables. bughunters.google.com/blog/hybrid-pr…
Curious how we go about security reviews at Google? In this case, we teamed up with Intel to take a closer look at Intel Trust Domain Extensions (TDX) 1.5 and help secure the confidential computing space! For the details, 👇 bughunters.google.com/blog/a-joint-s…
Ben Sadeghipour @NahamSec
248K Followers 1K Following Cofounder @hackinghub_io | Advisor @CaidoIO. I hack companies and make content about it. #NahamCon organizer. ex @hacker0x01🇮🇷
🇷🇴 cristi @CristiVlad25
55K Followers 609 Following
Luke Stephens (hakluk... @hakluke
100K Followers 2K Following Hacker, marketer. I manage socials and marketing for cybersecurity orgs. Founder of @hacker_content and @haksecio
InfoSec Community @InfoSecComm
56K Followers 636 Following Largest InfoSec publication with 80,000+ followers and 3M+ monthly views.
shubs @infosec_au
58K Followers 2K Following Co-founder, security researcher. Building an attack surface management platform, @assetnote
Julien | MrTuxracer �... @MrTuxracer
39K Followers 443 Following Founder of @rcesecurity | #BugBounty | @Hacker0x01 MVH && H1-Elite | $1,5+ Mio in Bounties | Mobile Hacker | @[email protected]
Gareth Heyes \u2028 @garethheyes
38K Followers 1K Following Web security researcher at PortSwigger. Author of JS for Hackers and Hackvertor. https://t.co/e0aNEbFb9D
Bug Bounty Reports Ex... @gregxsunday
54K Followers 613 Following Grzegorz Niedziela - a hacker who documents his hacking journey by creating and curating the best content about bug bounty and offensive security.
James Kettle @albinowax
84K Followers 101 Following Director of Research at @PortSwigger aka @Burp_Suite. Find my research, tools & contact details at https://t.co/vP6UbGmvl3
Renganathan @IamRenganathan
15K Followers 739 Following 21 | Ethical Hacker | Building @R_Protocols | Secured Google, Apple, LinkedIn, AWS & More | Product | Startups | Speaker | 50+ talks | Posts are personal
Kanhaiya Sharma @krishnsec
20K Followers 740 Following APPLICATION SECURITY & RECON | All time top 20 @bugcrowd | https://t.co/QhMy9MYvrx
Tuan Anh Nguyen⚡️... @haxor31337
16K Followers 2K Following 30 y/o Bug Bounty Hunter and Red Team Lead at Viettel Cyber Security. Brand Ambassador @Hacker0x01 - Researcher Spotlight @Bugcrowd
Youssef Sammouda (sam... @samm0uda
41K Followers 590 Following Security Researcher/Hacker 1st in Meta bug bounty program for 6 years Opinions are my own and not my employer's.
7lpu6iLt @7lpu6iLt
88 Followers 377 Following f̷̩̒͆͆r̸͍͕̗͉̮̙̼͗̏̇̅̓͠i̵͍̞͔͎̱͌͋͐̍̈̚ Hacker | Penetration-tester | Securing the universe
Aus Alzubaidi @alzubaidi_2017
110 Followers 7K Following
Bug @bugrecs7y
0 Followers 12 Following
KiX @JeryKiX
15 Followers 274 Following
. @jjjq09
1 Followers 2K Following
aquatl @laq8m
0 Followers 37 Following
0xSudo @0xRnd2k
158 Followers 318 Following Junior Penetration Tester | Interested in Security She/her
ANHRWij @anhrwijj
0 Followers 252 Following
Justin Parker @JLParker87
49 Followers 522 Following
Mohamed @___Mohamd____
29 Followers 1K Following
Alu Bhai @bhai_alu82030
1 Followers 45 Following
Himansu @0xtheM7
190 Followers 177 Following
ooniplak @ooniplak
0 Followers 58 Following
9.mindset @9_mindset
8 Followers 265 Following
GOOO @DarkKuze
0 Followers 9 Following
Mylifechangefast.eth�... @mylifechangefa1
1K Followers 2K Following God hacked me to hack things. Web2 / Web3 EVM/Stacks/SOL/ZK alter ego: @realgrew2fast All opinions are my own; no financial advice.
Yared Tekle @YaredTekle22
2 Followers 31 Following
10 May @DrWallah
1K Followers 5K Following I'm a kind,caring,sweet,passionate and good heart. I'm down to earth,fit,friendly and intelligent guy who love to have fun...💿music keeps me going🎵...🎮FiFa..
ƬheƊarkÅngel @OSBSP_dex05l
0 Followers 300 Following Infosec / ReCon / Researcher Looking Above To See Whats Beyond
vic v @0qqLogo
0 Followers 11 Following
Hidden Lock Team 👨... @hiddenlockT
1K Followers 200 Following Cybersecurity in Arabic | Learn & Stay Updated Certs • CVEs • News
. @evidenceofllama
0 Followers 53 Following
jonsnow @j0n5n0w_
0 Followers 61 Following
JV @StealthSpec25b
1 Followers 184 Following
Khalid @Khalid66nz
0 Followers 1 Following
HyprHex @hyprhex
37 Followers 104 Following Build and Break APIs. Check my latest https://t.co/pENfcMZhnh
محمد الجندي... @vsbwmnxy4
5 Followers 108 Following
レフィ🍃🐧⚡ @refyanone
1K Followers 5K Following /近況: FFは自宅保守程度に。『はてなブログ』と『https://t.co/E4fKpNxvH8』に記事を書いています。 /FFXIV: Lalafell Summoner 🜸Yojimbo /Favorites: 🍃 🐧⚡ 🥀 🐏 🚑 ❤️🔥 /thx icon: @penuue /❤️ @MoceceMoce
PriyathamSec @priyathamsec
0 Followers 96 Following
Adesh Rai @adeshrai707
22 Followers 407 Following
Aydinli 🦣 @Aydinli42347
858 Followers 3K Following Researching the future of finance. Crypto | DeFi | AI | Web3 | Not financial advice.
Shawkat Emad @shawkat7h
5 Followers 69 Following
YakovTill @YakovTill
9 Followers 281 Following
ZerΔch @zer4ch
6 Followers 202 Following Zer△ch ✦ Mastering the math behind trustless proofs ZK • Circom • Noir • EVM The proof exists. The secret doesn't.
Plantain Lover @akanshay
348 Followers 811 Following AI Researcher | N'golo kante energy | No mediocrity
Zheng Yu @dataisland99
117 Followers 301 Following
Shatakshi Agrawal @A19149Agrawal
0 Followers 4 Following
FleeSolar🌞 @flee_solar
53 Followers 418 Following Solar made simple. Powered by FleeSolar. Get pre-qualified and your free Solar consultation today ! 🌎🟦🧡💛🌞🔽
michaeldjejxicjs @michaeldjeh8ef
0 Followers 12 Following
Abdalrahman Sabeq @0xAbdalrahman
0 Followers 94 Following
Fahim Ashfak @Ashfak297
1 Followers 95 FollowingYou might like
