JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Pwn2Own Toronto 2022 Day 2: Participants earned $281K

Pwn2Own Toronto 2022 Day Two – Participants demonstrated exploits for smart speaker, smartphone, printer, router, and NAS. On the first day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition participants earned $400,000 for 26 unique zero-day exploits. On the second day of the competition, participants earned more $281,000 for smart speaker, smartphone, printer, […]

pwn2own toronto 2022

Pwn2Own Toronto 2022 Day Two – Participants demonstrated exploits for smart speaker, smartphone, printer, router, and NAS.

On the first day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition participants earned $400,000 for 26 unique zero-day exploits.

On the second day of the competition, participants earned more $281,000 for smart speaker, smartphone, printer, router, and NAS exploits.

Researchers from Qrious Secure team used two flaws to execute an attack against the Sonos One Speaker, they earned $60K and 6 Master of Pwn points.

STAR Labs team also hacked the Sonos One Speaker in the Smart Speaker category using one unique bug and another previously known bug. The team earned $22,500 and 4.5 Master of Pwn points.

The Bugscale team demonstrated an exploit against the Synology router and HP Printer using one unique bug and another previously known flaw. The team earned $37,500 and 7.5 Master of Pwn points.

The researchers from Interrupt Labs executed an improper input validation attack against the Samsung Galaxy S22 in the Mobile Phone category. The team earned $25K and 5 Master of Pwn points.

pwn2own toronto 2022
Galaxy S22 pwned – Source ZDI

The researcher Luca Moro was awarded $40,000 for a Classic Buffer Overflow attack against the WD My Cloud Pro Series PR4100 in the NAS category.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Pwn2Own Toronto 2022)

[adrotate banner=”5″]

[adrotate banner=”13″]