Pwn2Own Day 2: Organizers paid $792K for 56 0-days

Day Two of Pwn2Own Ireland 2025 saw $792K for 56 0-days, led by The Summoning Team after a major Samsung Galaxy exploit.

Day Two of Pwn2Own Ireland 2025 ends with participants earning $792,750 for 56 zero-days. Meta, Synology and QNAP are sponsoring the event. Pwn2Own Ireland 2025 includes eight categories of exploits targeting flagship smartphones (Galaxy S25, iPhone 16, Pixel 9), printers, network storage, home networking gear, messaging apps, smart home and surveillance devices, plus wearables like Meta Quest 3/3S and Ray-Ban Smart Glasses.

The Summoning Team leads after a Samsung Galaxy exploit highlight. The team earned a total of 18 points and $167,500 during the first two days of the event.

Ken Gannon / 伊藤 剣 of Mobile Hacking Lab, and Dimitrios Valsamaras of Summoning Team chained five vulnerabilities to exploit the Samsung Galaxy S25. The duo earned $50,000 and 5 Master of Pwn points.

Chumy Tsai of CyCraft earned $20K and 4 points for exploiting QNAP TS-453E via a single code injection flaw.

Le Trong Phuc and Cao Ngoc Quy of Verichains exploited Synology DS925+ via an auth bypass and another bug, earning $20K and 4 Pwn points.

Team ANHTUD chained three bugs, including an SSRF, a cleartext storage of sensitive information issue and a collision, to exploit Home Automation Green with 45 seconds left, earning $16,750 and 3.75 Pwn points.

Day 1 of Pwn2Own Ireland saw 34 zero-days demoed and $522,500 awarded.

Vendors have 90 days to address the flaws discovered during the competition before they are publicly disclosed.

Pierluigi Paganini

(SecurityAffairs – hacking, Pwn2Own Ireland 2025)