Security Affairs
US and allied Governments’ Recommendations: Securing Network Devices Against Russian APT Groups|Chaotic Eclipse Unveils LegacyHive Exploit Affecting Fully Patched Windows Systems|AsyncAPI npm Supply Chain Attack: Malware Injected Into Packages With 2 Million Weekly Downloads|U.S. CISA adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog|SonicWall warns of active exploitation of two SMA 1000 zero-days|Patch Tuesday security updates for July 2026, the largest update ever. 621 CVEs in one month|U.S. Treasury Sanctions VPN Provider and Cryptor Seller Behind Billions in Ransomware Losses|Attacker Used AI to Build Custom PowerShell Recon Malware|Malware Hits Japan’s Largest Taxi Company Nihon Kotsu, Services Temporarily Suspended|CrashStealer: New macOS Infostealer Uses Signed Apps to Evade Gatekeeper|Lidl Notified Online Shop Customers in Germany, Belgium, and the Netherlands of a Data Breach|U.S. CISA adds a Cisco IOS flaw to its Known Exploited Vulnerabilities catalog|US and allied Governments’ Recommendations: Securing Network Devices Against Russian APT Groups|Chaotic Eclipse Unveils LegacyHive Exploit Affecting Fully Patched Windows Systems|AsyncAPI npm Supply Chain Attack: Malware Injected Into Packages With 2 Million Weekly Downloads|U.S. CISA adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog|SonicWall warns of active exploitation of two SMA 1000 zero-days|Patch Tuesday security updates for July 2026, the largest update ever. 621 CVEs in one month|U.S. Treasury Sanctions VPN Provider and Cryptor Seller Behind Billions in Ransomware Losses|Attacker Used AI to Build Custom PowerShell Recon Malware|Malware Hits Japan’s Largest Taxi Company Nihon Kotsu, Services Temporarily Suspended|CrashStealer: New macOS Infostealer Uses Signed Apps to Evade Gatekeeper|Lidl Notified Online Shop Customers in Germany, Belgium, and the Netherlands of a Data Breach|U.S. CISA adds a Cisco IOS flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Hacking

Pwn2Own Vancouver 2022 D2

During the second day of the Pwn2Own Vancouver 2022 hacking competition, contestants demonstrated a working exploit for Microsoft Windows 11. During the second day of the Pwn2Own Vancouver 2022 hacking competition, white hat hackers demonstrated a working exploit against Microsoft Windows 11 OS. The T0 group demonstrated an exploit for an improper access control flaw […]

Pwn2Own Vancouver 2022

During the second day of the Pwn2Own Vancouver 2022 hacking competition, contestants demonstrated a working exploit for Microsoft Windows 11.

During the second day of the Pwn2Own Vancouver 2022 hacking competition, white hat hackers demonstrated a working exploit against Microsoft Windows 11 OS. The T0 group demonstrated an exploit for an improper access control flaw leading to the elevation of privilege on Microsoft Windows 11. The exploit was awarded $40,000 and 4 Master of Pwn points.

The security duo David BERARD and Vincent DEHORS from @Synacktiv exploited 2 flaws (Double-Free & OOBW) with a collision on a known sandbox escape on a Telsa Model 3 Infotainment System. The experts earned $75,000 and 7.5 Master of Pwn points.

Another success was an exploit for use after free issue leading to elevation of privilege on Unbuntu Desktop demonstrated by Bien Pham (@bienpnn) who earned $40,000 and 4 Master of Pwn points.

Zhenpeng Lin (@Markak_), Yueqi Chen (@Lewis_Chen_), and Xinyu Xing (@xingxinyu) of Team TUTELARY from Northwestern University successfully demonstrated a Use After Free issue leading to elevation of privilege on Ubuntu Desktop. The team earned $40,000 and 4 Master of Pwn points.

During the first day of the event, white hat hackers earned a total of $800,000, a record for the first day of this contest, including $450,000 for successful exploits targeting Microsoft Teams.

Are you interested in the exploits that will be demonstrated on Day 3?

Stay tuned …

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: 
https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform  

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Pwn2Own Vancouver 2022)

[adrotate banner=”5″]

[adrotate banner=”13″]