InfoSecBulletin Cybersecurity for mankind
During the first day of the Pwn2Own Ireland 2025 hacking contest by Trend Micro’s Zero Day Initiative, participants earned $522,500 for their exploits. 34 new vulnerabilities have been used to hack printers, NAS devices, routers, and smart home products.
The top prize of $100,000 was given in the ‘SOHO Smashup’ category, which involves exploits on two device types. Researchers linked exploits for the QNAP Qhora-322 router and the QNAP TS-453E NAS device.
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Critical Cisco ISE Vulnerability Enables Remote Code Execution
F5 Patches NGINX Flaw for Code Execution and DoS Attacks
FortiBleed: 70,000 Fortinet Firewalls Compromised Globally
New Rokarolla Android malware hits 217 banking and crypto apps
Phishing Campaign Exploits Legitimate Microsoft Login Flow
ALERT
Cisco SD-WAN Zero-Day, FortiSandbox and cPanel flaws exploited in attacks
“Panthalassa” builds floating AI data centers powered by ocean waves
Critical Wazuh Vuln Enables Alert Tampering and Evidence Deletion
Another significant reward, $50,000, was paid out for a Synology ActiveProtect Appliance DP320 exploit. The same amount was also earned for a Sonos Era 300 smart speaker hack. Other NAS device exploits, targeting Synology and QNAP products, earned researchers $40,000 each.
ZDI awarded $40,000, $20,000, and $12,500 for vulnerabilities in the Home Assistant Green device. Exploits on the Philips Hue Bridge earned $40,000 and $20,000. Hacking Canon and HP printers earned researchers $20,000 and $10,000.
Pwn2Own Ireland 2025 will run until Thursday, when a researcher will show a zero-click exploit for WhatsApp to try to win $1 million.
Over $1 million was awarded at Pwn2Own Ireland 2024 for exploits in cameras, printers, NAS devices, smart speakers, and smartphones.
