Saturday , June 20 2026
pwn2own

29 0-days Uncovered : Hackers Earned $1,132,500 at Pwn2Own

infosecbulletin Saturday , March 23 2024 International

Pwn2Own Vancouver 2024 hacking competition is over. Hackers earned $1,132,500 for showing 29 unique zero-days.

Participants in the Pwn2Own Vancouver 2024 hacking competition earned $1,132,500 for demonstrating 29 unique zero-days. On the first day, Team Synacktiv successfully demonstrated exploits against a Tesla car.

CISA: Splunk flaw under active exploit, patch by Sunday

By infosecbulletin / Saturday , June 20 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has asked federal agencies to protect their systems by Sunday from a...
Read More
CISA: Splunk flaw under active exploit, patch by Sunday

Texas data breach exposes 3 million driver’s licenses

By infosecbulletin / Saturday , June 20 2026
The Texas Parks and Wildlife Department (TPWD) revealed a data leak at its license system provider. This leak exposed private...
Read More
Texas data breach exposes 3 million driver’s licenses

Critical Cisco ISE Vulnerability Enables Remote Code Execution

By infosecbulletin / Friday , June 19 2026
Cisco has revealed critical security flaws in its Identity Services Engine (ISE). These flaws could let attackers run harmful code...
Read More
Critical Cisco ISE Vulnerability Enables Remote Code Execution

F5 Patches NGINX Flaw for Code Execution and DoS Attacks

By infosecbulletin / Thursday , June 18 2026
F5 has shared a security warning about serious flaws in NGINX. These issues could let attackers run any code and...
Read More
F5 Patches NGINX Flaw for Code Execution and DoS Attacks

FortiBleed: 70,000 Fortinet Firewalls Compromised Globally

By infosecbulletin / Wednesday , June 17 2026
A vast cyber spying operation called “FortiBleed” has quietly compromised more than 73,932 different Fortinet firewall URLs in 194 countries....
Read More
FortiBleed: 70,000 Fortinet Firewalls Compromised Globally

New Rokarolla Android malware hits 217 banking and crypto apps

By infosecbulletin / Wednesday , June 17 2026
A new Android banking trojan called Rokarolla is hitting 217 banking and cryptocurrency apps with a wide range of 137...
Read More
New Rokarolla Android malware hits 217 banking and crypto apps

Phishing Campaign Exploits Legitimate Microsoft Login Flow

By infosecbulletin / Tuesday , June 16 2026
Attackers are using Microsoft’s OAuth 2.0 Device Authorization Grant (device code) flow in a campaign to take control of Microsoft...
Read More
Phishing Campaign Exploits Legitimate Microsoft Login Flow

ALERT
Cisco SD-WAN Zero-Day, FortiSandbox and cPanel flaws exploited in attacks

By infosecbulletin / Tuesday , June 16 2026
Cisco on Monday told customers about a new SD-WAN product flaw used in attacks. The flaw, called CVE-2026-20262, is a...
Read More
ALERT Cisco SD-WAN Zero-Day, FortiSandbox and cPanel flaws exploited in attacks

“Panthalassa” builds floating AI data centers powered by ocean waves

By infosecbulletin / Tuesday , June 16 2026
Every American data center story these days follows almost the same pattern. Someone has the chips, someone has the cash,...
Read More
“Panthalassa” builds floating AI data centers powered by ocean waves

Critical Wazuh Vuln Enables Alert Tampering and Evidence Deletion

By infosecbulletin / Monday , June 15 2026
A critical security flaw has affected the open-source security community. Recently, complete details and working exploit code were shared online....
Read More
Critical Wazuh Vuln Enables Alert Tampering and Evidence Deletion

The researcher Manfred Paul (@_manfp) won the Master of Pwn earning $202,500 and 25 points.

Participants demonstrated several zero-day exploits against various products such as Apple Safari, Google Chrome, and Microsoft Edge browsers, Windows 11, Ubuntu Desktop, VMware Workstation, Oracle VirtualBox, and Tesla. On Day Two, Manfred Paul (@_manfp) managed to escape the sandbox in Mozilla Firefox by exploiting an OOB Write for the RCE and an exposed dangerous function bug. He was rewarded with $100,000 and 10 Master of Pwn points for this successful hack.

Seunghyun Lee, a researcher from KAIST Hacking Lab, used a UAF to remotely execute code in Microsoft Edge and Google Chrome. He earned $85,000 and 9 Master of Pwn points.

The STAR Labs SG team showed the first Docker desktop escape at the Pwn2Own hacking competition by using two vulnerabilities, including a UAF. They won $60,000 and 6 Master of Pwn points.

The complete list of results for the first Two of the Pwn2Own Vancouver 2024 hacking competition is available here:

https://www.zerodayinitiative.com/blog/2024/3/21/pwn2own-vancouver-2024-day-two-results

Vendors have 90 days to fix the vulnerabilities found during the Pwn2Own hacking competition before they are publicly disclosed by TrendMicro’s Zero Day Initiative.

Check Also

73 Microsoft Packages Compromised in Password Stealer Attack

GitHub disabled 73 repositories in four Microsoft groups: Azure, Azure-Samples, Microsoft, and MicrosoftDocs. Each repo …

Mail: [email protected]
© Copyright 2026, All Rights Reserved InfoSecBulletin