U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Pwn2Own Berlin 2025: total prize money reached $1,078,750

Pwn2Own Berlin 2025 wrapped up with $383,750 awarded on the final day, pushing the total prize money to $1,078,750 over three days. On the final day of Pwn2Own Berlin 2025, participants earned $383,750 for demonstrating zero-day in VMware Workstation, ESXi, Windows, NVIDIA, and Firefox. During the competition, the participants earned a total of $1,078,750, demonstrating […]

Pwn2Own Berlin 2025

Pwn2Own Berlin 2025 wrapped up with $383,750 awarded on the final day, pushing the total prize money to $1,078,750 over three days.

On the final day of Pwn2Own Berlin 2025, participants earned $383,750 for demonstrating zero-day in VMware Workstation, ESXi, Windows, NVIDIA, and Firefox.

During the competition, the participants earned a total of $1,078,750, demonstrating 28 unique 0-days in multiple products, including 7 in the AI category.

STAR Labs SG won “Master of Pwn” with $320K and 35 points.

Corentin BAYET (@OnlyTheDuck) from @Reverse_Tactics exploited ESXi using two bugs; one overlapped with a prior entry, causing a COLLISION, however, his unique integer overflow earned him $112,500 and 11.5 points.

Thomas Bouzerar (@MajorTomSec) and Etienne Helluy-Lafont from Synacktiv exploited VMware Workstation with a heap-based buffer overflow, earning $80,000 and 8 Master of Pwn points.

Dung and Nguyen (@MochiNishimiya) from STARLabs exploited a TOCTOU race condition to escape the VM and an array index validation flaw for Windows privilege escalation, earning $70,000 and 9 points.

In the final Pwn2Own Berlin 2025 attempt, Miloš Ivanović (infosec.exchange/@ynwarcs) used a race condition to gain SYSTEM privileges on Windows 11, earning $15,000 and 3 Master of Pwn points.

The full list of hacking attempts made during day two is available here.

This is the time of the Pwn2Own at the OffensiveCon conference, and also the first time the competition includes an AI category.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Pwn2Own Berlin 2025)