Security Affairs
INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|Fake VPN and 7-Zip Apps Turn Victims Into Residential Proxy Nodes|Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation|A Hacker Claims 35 GB of Accenture Source Code. The Company discloses the data breach|Telegram-Hosted RedWing Malware Lets Anyone Rent Android Spyware Tools|U.S. CISA adds Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder flaws to its Known Exploited Vulnerabilities catalog|CISA Deploys Anthropic’s Mythos AI to Hunt Vulnerabilities in U.S. Government Code|Critical Gitea Docker Bug Under Active Exploitation Exposes Repositories and Secrets|Spanish Police Arrest Man Linked to CARR, Z-Pentest, and NoName057(16)|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|GodDamn Ransomware Uses PoisonX to Blind Security Software|AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack|Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)|Fake VPN and 7-Zip Apps Turn Victims Into Residential Proxy Nodes|Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation|A Hacker Claims 35 GB of Accenture Source Code. The Company discloses the data breach|Telegram-Hosted RedWing Malware Lets Anyone Rent Android Spyware Tools|U.S. CISA adds Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder flaws to its Known Exploited Vulnerabilities catalog|CISA Deploys Anthropic’s Mythos AI to Hunt Vulnerabilities in U.S. Government Code|Critical Gitea Docker Bug Under Active Exploitation Exposes Repositories and Secrets|Spanish Police Arrest Man Linked to CARR, Z-Pentest, and NoName057(16)|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Pwn2Own Ireland 2024 Day 2: participants demonstrated an exploit against Samsung Galaxy S24

On the second day of Pwn2Own Ireland 2024, researchers demonstrated an exploit for the Samsung Galaxy S24.  On day two of Pwn2Own Ireland 2024, hackers demonstrated attacks against 51 zero-day vulnerabilities, earning a total of $358,625, prizes that we have sum to the $516,250 earned by participants on the first day of the event. With the […]

Pwn2Own Ireland 2024

On the second day of Pwn2Own Ireland 2024, researchers demonstrated an exploit for the Samsung Galaxy S24. 

On day two of Pwn2Own Ireland 2024, hackers demonstrated attacks against 51 zero-day vulnerabilities, earning a total of $358,625, prizes that we have sum to the $516,250 earned by participants on the first day of the event.

With the $516,250 earned by participants on the first day of the event, the total payout at the hacking contest organized by Trend Micro’s Zero Day Initiative (ZDI) has already reached nearly $850,000, and there are two more days left.  

Today, we awarded $358,625 – which brings the event total to $847,875. The Viettel Cyber Security team has a commanding lead for Master of Pwn, but with two days left, there still could be changes.” reads the announcement published by ZDI.

The exploit of the day was demonstrated by Ken Gannon of NCC Group who chained five vulnerabilities to hack a Samsung Galaxy S24 device and get a shell and the installation of an app.

He earned $50,000 for an exploit chain that involved five vulnerabilities and achieved a shell and 5 Master of Pwn points.

Pwn2Own Ireland 2024

PHP Hooligans / Midnight Blue (@midnightbluelab) used a command injection bug to get code execution on the Synology BeeStation BST150-4T. The team earned $40,000 and four Master of Pwn points.

Corentin BAYET (@OnlyTheDuck) of @Reverse_Tactics chained three bugs to exploit the QNAP QHora-322 to QNAP TS-464, earning $41,750 and 8.5 Master of Pwn points, though one bug had been used before.

NiNi (@terrynini38514) of DEVCORE Research Team demonstrated an exploit an Improper Verification of Cryptographic Signature bug against the AeoTec Smart Home Hub. They earn $40,000 and 4 Master of Pwn points.

Other exploits demonstrated during day two of Pwn2Own Ireland 2024 targeted Sonos Era 300 smart speaker, Canon and HP printers, Lorex and Ubiquiti cameras, and QNAP and Synology NAS devices.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hackingPwn2Own Ireland 2024)