Friday , April 25 2025
Pwn2Own

Pwn2Own Contest Tokyo
Hackers Unearths Dozens of Zero-Day Vulnerabilities

Top ethical hackers are currently competing in Tokyo. They have discovered nearly 40 zero-day vulnerabilities in Tesla and other products.

The first car-focused Zero Day Initiative (ZDI) Pwn2Own contest takes place from January 24-26. ZDI is the world’s largest bug bounty program, encouraging ethical hackers to find and report vulnerabilities in products and improve digital safety.

159 CVEs Exploited in Q1 2025 : 28.3% Within 24 Hours of Disclosure

In Q1 2025, VulnCheck identified evidence of 159 CVEs publicly disclosed for the first time as exploited in the wild....
Read More
159 CVEs Exploited in Q1 2025 : 28.3% Within 24 Hours of Disclosure

NVIDIA NeMo Framework Vuln Allow Attackers RCE

The NVIDIA NeMo Framework has three vulnerabilities that could enable attackers to execute remote code, risking AI system compromise and...
Read More
NVIDIA NeMo Framework Vuln Allow Attackers RCE

Cisco Issued Urgent Security Advisories For Multiple Products

Cisco issued a security advisory about a remote code execution (RCE) vulnerability (CVE-2025-32433) affecting multiple products in its portfolio due...
Read More
Cisco Issued Urgent Security Advisories For Multiple Products

SonicWall patched SSLVPN Vuln Allowing Firewall Crashing

SonicWall has revealed a vulnerability in its SonicOS SSLVPN Virtual Office interface that could let remote attackers crash firewall appliances....
Read More
SonicWall patched SSLVPN Vuln Allowing Firewall Crashing

GitLab Releases Security Update For Multiple Vulns

GitLab has announced a security advisory urging users to upgrade their self-managed installations right away. Versions 17.11.1, 17.10.5, and 17.9.7...
Read More
GitLab Releases Security Update For Multiple Vulns

ISPAB president “whatsapp” got hacked via phishing link

Imdadul Haque, the president of Internet Service Provider of Bangladesh (ISPAB) said, I automatically got back my WhatsApp account. What...
Read More
ISPAB president “whatsapp” got hacked via phishing link

Zyxel released patches 2 vulns in its USG FLEX H series firewalls

Zyxel Networks has issued critical security patches for two high-severity vulnerabilities in its USG FLEX H series firewalls. These flaws...
Read More
Zyxel released patches 2 vulns in its USG FLEX H series firewalls

South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked

South Korea's largest mobile operator, SK Telecom, is warning that a malware infection allowed threat actors to access sensitive USIM-related...
Read More
South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked

ChatGPT Develops Exploit for CVEs Before Public PoCs Share

Security researcher Matt Keeley showed that artificial intelligence can now develop working exploits for critical vulnerabilities before public proof-of-concept (PoC)...
Read More
ChatGPT Develops Exploit for CVEs Before Public PoCs Share

TP-Link Router Vulns Allow to Execute Malicious SQL Commands

Several vulnerabilities have been found in TP-Link routers, exposing users to serious security risks from SQL injection flaws in their...
Read More
TP-Link Router Vulns Allow to Execute Malicious SQL Commands

It was a big day for security discoveries with 24 zero-day exploits found. The French Synacktiv Team earned $100,000 for finding a three-bug chain against the Tesla Modem, $60,000 for a two-bug chain against the Ubiquiti Connect EV Station, and another $60,000 for a two-bug chain against the JuiceBox 40 Smart EV Charging Station.

The UK’s NCC Group earned $30,000 for finding a security issue with the Phoenix Contact CHARX SEC-3100 charging controller, and $40,000 for identifying three bugs in the Pioneer DMH-WT7600NEX digital receiver.

At the time of writing, a further 15 zero-day vulnerabilities had been discovered and demonstrated in exploits on day two of the competition.

Synacktiv successfully found and exploited two security vulnerabilities in the Tesla Infotainment System, earning $100,000. They also discovered and exploited three vulnerabilities in Automotive Grade Linux, resulting in a $35,000 reward.

NCC Group used two bugs to hack the Alpine Halo9 iLX-F509 media receiver and won $20,000.

The total prize money given out so far is over $1m. Vendors have 90 days to fix the vulnerabilities found in the competition before ZDI discloses them publicly.

In 2022, the Trend Micro initiative warned that customers were at risk due to poor vendor patching and confusing advisories. This made it difficult for network defenders to accurately assess their risk exposure and increased the possibility of faulty or incomplete patches.

The disclosure policy of the company was changed from 120 days to a range of 90 to 30 days, depending on the level of importance.

Pwn2Own Automotive concludes tomorrow.

Check Also

ransomware

Bengaluru firm got ransomware attack, Hacker demanded $70,000

Bengaluru’s Whiteboard Technologies Pvt Ltd was hit by a ransomware attack, with hackers demanding a …

Leave a Reply

Your email address will not be published. Required fields are marked *