U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Summoning Team won Master of Pwn as Pwn2Own Ireland Rewards $1,024,750

The Pwn2Own Ireland hacking contest awarded a total $1,024,750 for 73 zero-days, the Summoning Team won Master of Pwn. Pwn2Own Ireland 2025 wrapped up with $1,024,750 awarded for 73 unique zero-days. Organizers thanked participants, vendors, and partners Meta, Synology, and QNAP. Pwn2Own Ireland 2025 includes eight categories of exploits targeting flagship smartphones (Galaxy S25, iPhone […]

Pwn2Own Ireland 2025

The Pwn2Own Ireland hacking contest awarded a total $1,024,750 for 73 zero-days, the Summoning Team won Master of Pwn.

Pwn2Own Ireland 2025 wrapped up with $1,024,750 awarded for 73 unique zero-days. Organizers thanked participants, vendors, and partners Meta, Synology, and QNAP.

Pwn2Own Ireland 2025 includes eight categories of exploits targeting flagship smartphones (Galaxy S25, iPhone 16, Pixel 9), printers, network storage, home networking gear, messaging apps, smart home and surveillance devices, plus wearables like Meta Quest 3/3S and Ray-Ban Smart Glasses.

The Summoning Team claimed the Master of Pwn title for outstanding exploits across multiple categories, showcasing exceptional research and preparation.

Ben R. and Georgi G. of Interrupt Labs exploited an input validation bug to take over the Samsung Galaxy S25, enabling camera and location access, earning $50K and 5 Master of Pwn points.

David Berard of Synacktiv exploited two bugs in the Ubiquiti AI Pro (Surveillance Systems), earning $30K and 3 Master of Pwn points, featuring a Baby Shark demo.

namnp of Viettel Cyber Security exploited Phillips Hue Bridge via crypto bypass and heap overflow, earning $20K, 4 Master of Pwn points, and a Top 5 ranking.

The researchers Eugene (3ugen3) of Team Z3 withdrew from the competition, canceling his $1M zero-click WhatsApp exploit demo, citing it wasn’t ready for public presentation.

Anyway, Eugene cannot share any details about the WhatsApp exploit due to a signed agreement NDA with the organization.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Pwn2Own Ireland)