Hackers' Pub

Syntax	Description	Examples
`"` keyword `"`	Finds the string within quotes, including spaces. Case-insensitive. (Escape quotes inside with `\"`)	`"Hackers' Pub"`
`from:` handle	Finds content written by the specified user.	`from:hongminhee` `from:hongminhee@hollo.social`
`lang:` ISO 639-1	Finds content written in the specified language.	`lang:en`
`#` tag	Finds content with the specified tag. Case-insensitive.	`#HackersPub`
condition condition	Finds content that satisfies both conditions on either side of the space (logical AND).	`"Hackers' Pub" lang:en`
condition `OR` condition	Finds content that satisfies at least one of the conditions on either side of the OR operator (logical OR).	`#HackersPub OR "Hackers' Pub" lang:en`
`(` condition `)`	Combines the operators within the parentheses first.	`(#HackersPub OR "Hackers' Pub" OR "Hackers Pub") lang:en`

Natalie Silvanovich @natashenka@infosec.exchange

1/15/2026, 9:00:10 PM

Public

Today, Project Zero released a 0-click exploit chain for the Pixel 9. While it targets the Pixel, the 0-click bug and exploit techniques we used apply to most other Android devices.

https://projectzero.google/2026/01/pixel-0-click-part-1.html

A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby - Project Zero

Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One ef...

projectzero.google

Natalie Silvanovich @natashenka@infosec.exchange

1/15/2026, 9:00:38 PM

Public

The first bug in the chain is CVE-2025-54957, a memory corruption bug in the Dolby Unified Decoder, an audio codec integrated by most Android devices’ OEMs. It is 0-click because incoming SMS and RCS audio messages are automatically transcribed by the system.

If you have a fediverse account, you can quote this note from your own instance. Search https://infosec.exchange/users/natashenka/statuses/115901126334766211 on your instance and quote it. (Note that quoting is not supported in Mastodon.)