Tuesday , January 28 2025
pwn to own

Hackers Earn $500,000 on First Day of Pwn2Own Ireland 2024

infosecbulletin Wednesday , October 23 2024 Uncategorized

White hat hackers at the Pwn2Own Ireland 2024 contest by Trend Micro’s Zero Day Initiative earned $500,000 on the first day by exploiting NAS devices, cameras, printers, and smart speakers.

Sina Kheirkhah from Summoning Team earned the top reward of $100,000 by exploiting nine vulnerabilities in an attack from a QNAP QHora-322 router to a TrueNAS Mini X storage device.

GitHub Desktop Vuln Credential Leaks via Malicious Remote URLs

By infosecbulletin / Tuesday , January 28 2025
Multiple security vulnerabilities have been found in GitHub Desktop and other Git projects. If exploited, these could allow attackers to...
Read More
GitHub Desktop Vuln Credential Leaks via Malicious Remote URLs

Burp Suite 2025.1 released: Featuring Intruder Capabilities & Bug Fixes

By infosecbulletin / Monday , January 27 2025
PortSwigger has launched Burp Suite 2025.1, adding new features and improvements to enhance usability and efficiency for penetration testers. This...
Read More
Burp Suite 2025.1 released: Featuring Intruder Capabilities & Bug Fixes

UnitedHealth confirms 190 million impacted by 2024 data breach

By infosecbulletin / Monday , January 27 2025
UnitedHealth confirmed that the ransomware attack on its Change Healthcare unit last February impacted about 190 million Americans, nearly double...
Read More
UnitedHealth confirms 190 million impacted by 2024 data breach

Registration Open For BCS CTF 2025

By infosecbulletin / Monday , January 27 2025
So, to test your cyber security skill, here is another chance to do that. Bangladesh computer society (BCS) is going...
Read More
Registration Open For BCS CTF 2025

New Ransomware Tactics Target VMware ESXi Via SSH Tunneling

By infosecbulletin / Sunday , January 26 2025
Sygnia's recent report highlights the changing strategies of ransomware groups targeting VMware ESXi appliances. These attackers exploit vital virtual infrastructure...
Read More
New Ransomware Tactics Target VMware ESXi Via SSH Tunneling

Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass

By infosecbulletin / Friday , January 24 2025
An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting...
Read More
Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass

CISA Releases 6 ICS Advisories Detailing Security Issues

By infosecbulletin / Friday , January 24 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released 6 advisories for Industrial Control Systems (ICS), highlighting vulnerabilities in various...
Read More
CISA Releases 6 ICS Advisories Detailing Security Issues

Account Credentials for Security Vendors Found on Dark Web: Cyble Report

By infosecbulletin / Thursday , January 23 2025
# "While many leaked security credentials belong to customers, some exposed sensitive accounts suggest that security vendors too have been...
Read More
Account Credentials for Security Vendors Found on Dark Web: Cyble Report

Four Critical Ivanti CSA Vulnerabilities Exploited: CISA , FBI warns

By infosecbulletin / Thursday , January 23 2025
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory...
Read More
Four Critical Ivanti CSA Vulnerabilities Exploited: CISA , FBI warns

GitLab Releases Patch (CVE-2025-0314) for XSS Exploit

By infosecbulletin / Thursday , January 23 2025
GitLab has released update for high severity cross-site scripting (XSS) flaw. Versions 17.8.1, 17.7.3, and 17.6.4 for both Community Edition...
Read More
GitLab Releases Patch (CVE-2025-0314) for XSS Exploit

Viettel Cyber Security demonstrated an exploit chain involving QNAP QHora-322 and TrueNAS Mini X products, earning $50,000.

Jack Dates from RET2 Systems earned a $60,000 reward for hacking a Sonos Era 300 smart speaker.

Two different teams earned $40,000 each for exploiting the QNAP TS-464 and Synology DiskStation DS1823XS+ NAS devices.

Participants successfully exploited the Lorex 2K WiFi, Ubiquity AI Bullet, and Synology TC500 cameras, as well as HP Color LaserJet Pro MFP 3301fdw and Canon imageCLASS MF656Cdw printers, earning hackers between $11,000 and $30,000.

ZDI reported that $516,250 was awarded on the first day of Pwn2Own Ireland for over 50 unique vulnerabilities.

In the coming days, contestants will showcase exploits targeting a Samsung Galaxy S24 phone and an Aeotec Smart Home Hub, along with cameras, NAS devices, smart speakers, and printers.

Pwn2Own Ireland 2024 features a messaging app category, offering up to $300,000 for a zero-click WhatsApp exploit. Up to $250,000 is available for exploits targeting the Pixel 8 and iPhone 15, but no entries have been submitted for these devices.

Check Also

Privilege Escalation

CVE-2025-20156
Cisco Fixes Meeting Management Allowing Privilege Escalation

Cisco has released a security advisory concerning a critical privilege escalation vulnerability (CVE-2025-20156) in its …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin