Security Affairs
Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation|A Hacker Claims 35 GB of Accenture Source Code. The Company discloses the data breach|Telegram-Hosted RedWing Malware Lets Anyone Rent Android Spyware Tools|U.S. CISA adds Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder flaws to its Known Exploited Vulnerabilities catalog|CISA Deploys Anthropic’s Mythos AI to Hunt Vulnerabilities in U.S. Government Code|Critical Gitea Docker Bug Under Active Exploitation Exposes Repositories and Secrets|Spanish Police Arrest Man Linked to CARR, Z-Pentest, and NoName057(16)|Hidden Tenda Router Backdoor Grants Admin Access, No Patch Available|AI-Generated Malware Powers New Armored Likho APT Campaign|Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks|Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation|A Hacker Claims 35 GB of Accenture Source Code. The Company discloses the data breach|Telegram-Hosted RedWing Malware Lets Anyone Rent Android Spyware Tools|U.S. CISA adds Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder flaws to its Known Exploited Vulnerabilities catalog|CISA Deploys Anthropic’s Mythos AI to Hunt Vulnerabilities in U.S. Government Code|Critical Gitea Docker Bug Under Active Exploitation Exposes Repositories and Secrets|Spanish Police Arrest Man Linked to CARR, Z-Pentest, and NoName057(16)|Hidden Tenda Router Backdoor Grants Admin Access, No Patch Available|AI-Generated Malware Powers New Armored Likho APT Campaign|Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks|Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Pwn2Own Automotive 2025 Day 2: organizers awarded $335,500

Bug hunters earned $129,000 for Tesla charger exploits and over $700,000 total in two days at Pwn2Own Automotive 2025. During Day 2 of Pwn2Own Automotive 2025 organizers awarded $335,500, which brings the event total to $718,250. So far, the researchers have demonstrated 39 unique zero-days. The team SinSinology leads the Master of Pwn chart. Sina […]

Pwn2Own Automotive 2025

Bug hunters earned $129,000 for Tesla charger exploits and over $700,000 total in two days at Pwn2Own Automotive 2025.

During Day 2 of Pwn2Own Automotive 2025 organizers awarded $335,500, which brings the event total to $718,250. So far, the researchers have demonstrated 39 unique zero-days.

The team SinSinology leads the Master of Pwn chart.

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) chained two vulnerabilities to exploit the WOLFBOX charger for the first time at the Pwn2Own. The researchers earned $50,000 and 5 Master of Pwn points.

The PHP Hooligans team exploited a Tesla Wall Connector bug to crash and take over it, earning $50,000 and 5 Master of Pwn points.

Pwn2Own Automotive 2025

The team Synacktiv exploited a logic bug as a part of their chain to hack the Tesla Wall Connector via the Charging Connector. The team earned $45,000 and 7 Master of Pwn points.

The white hat hackers from HT3 Labs (@ht3labs) chained a missing authentication bug with an OS command injection issue to exploit the Phoenix Contact CHARX. They earned $25,000 and 5 Master of Pwn points.

The complete list of  Day Two results are available here.

Yesterday, Trend Micro’s Zero Day Initiative (ZDI) announced that over $380,000 was awarded on Day 1 of the Pwn2Own Automotive 2025.

In total, the organizers awarded $382,750 for 16 unique working zero-day exploits targeting infotainment systems, electric vehicle (EV) chargers, and automotive operating systems. 

No attempts were made to demonstrate vulnerabilities in a Tesla vehicle, despite organizers offered a $500,000 reward for an autopilot exploit.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Pwn2Own Automotive 2025)