101010.pl

IT InsightsHackers verdienen €435.000 door exploits in SharePoint en VMware bij Pwn2Own 2025! Cybersecurity blijft cruciaal. <a href="https://mastodon.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://mastodon.social/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pwn2Own</a>  <a href="https://itinsights.nl/cybersecurity/hackers-kraken-sharepoint-en-vmware-e435-000-buit/" rel="nofollow noopener" translate="no" target="_blank">https://itinsights.nl/cybersecurity/hackers-kraken-sharepoint-en-vmware-e435-000-buit/</a>

Tom SchusterWe now have evidence that the strict Content-Security-Policy we added to the <a href="https://hachyderm.io/tags/Firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#Firefox</a> fronted for hardening purposes prevent a Pwn2Own participant from escaping the sandbox! Definitely validates our approach.<a href="https://blog.mozilla.org/security/2025/05/17/firefox-security-response-to-pwn2own-2025/" rel="nofollow noopener" translate="no" target="_blank">https://blog.mozilla.org/security/2025/05/17/firefox-security-response-to-pwn2own-2025/</a>P.S: Nice work from everyone for being the fastest to ship a fix for the <a href="https://hachyderm.io/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pwn2Own</a> findings again.

Trend Zero Day InitiativeCongrats to <a href="https://mastodon.social/@mozilla" class="u-url mention" rel="nofollow noopener" target="_blank">@mozilla</a> for being the first vendor to patch their <a href="https://infosec.exchange/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pwn2Own</a> bugs. Oh - and go update <a href="https://infosec.exchange/tags/Firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#Firefox</a> to get the fixes. That's two years in a row Mozilla has been the fastest. Well done!

The New OilHackers earn $1,078,750 for 28 zero-days at <a href="https://mastodon.thenewoil.org/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pwn2Own</a> <a href="https://mastodon.thenewoil.org/tags/Berlin" class="mention hashtag" rel="nofollow noopener" target="_blank">#Berlin</a><a href="https://www.bleepingcomputer.com/news/security/hackers-earn-1-078-750-for-28-zero-days-at-pwn2own-berlin/" rel="nofollow noopener" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/hackers-earn-1-078-750-for-28-zero-days-at-pwn2own-berlin/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a>

James House-Lantto (He/Him)<a href="https://lifehacker.com/tech/mozilla-just-patched-two-firefox-zero-days" rel="nofollow noopener" translate="no" target="_blank">https://lifehacker.com/tech/mozilla-just-patched-two-firefox-zero-days</a>Mozilla has released a security patch for two zero-day vulnerabilities identified at the recent Pwn2Own hacker contest held in Berlin, from May 15th - 17th.Hackers at Pwn2Own won $50,000 each for their findings.<a href="https://mastodon.social/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#Security</a> <a href="https://mastodon.social/tags/Firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#Firefox</a> <a href="https://mastodon.social/tags/Mozilla" class="mention hashtag" rel="nofollow noopener" target="_blank">#Mozilla</a> <a href="https://mastodon.social/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pwn2Own</a>

The New Oil<a href="https://mastodon.thenewoil.org/tags/Firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#Firefox</a> Announces Same-Day Update After Two Minor <a href="https://mastodon.thenewoil.org/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pwn2Own</a> Exploits<a href="https://tech.slashdot.org/story/25/05/18/0558219/firefox-announces-same-day-update-after-two-minor-pwn2own-exploits" rel="nofollow noopener" translate="no" target="_blank">https://tech.slashdot.org/story/25/05/18/0558219/firefox-announces-same-day-update-after-two-minor-pwn2own-exploits</a><a href="https://mastodon.thenewoil.org/tags/Mozilla" class="mention hashtag" rel="nofollow noopener" target="_blank">#Mozilla</a> <a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://mastodon.thenewoil.org/tags/FOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#FOSS</a>

Trend Zero Day InitiativeConfirmed!! Dung and Nguyen (@MochiNishimiya) of STARLabs used a TOCTOU race condition to escape the VM and an Improper Validation of Array Index for the Windows privilege escalation. They earn $70,000 and 9 Master of Pwn points. <a href="https://infosec.exchange/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pwn2Own</a>

Trend Zero Day InitiativeWelcome to Day Three of <a href="https://infosec.exchange/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pwn2Own</a> Berlin! Here's the schedule for this morning:

The New OilHackers exploit <a href="https://mastodon.thenewoil.org/tags/VMware" class="mention hashtag" rel="nofollow noopener" target="_blank">#VMware</a> <a href="https://mastodon.thenewoil.org/tags/ESXi" class="mention hashtag" rel="nofollow noopener" target="_blank">#ESXi</a>, <a href="https://mastodon.thenewoil.org/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> <a href="https://mastodon.thenewoil.org/tags/SharePoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#SharePoint</a> zero-days at <a href="https://mastodon.thenewoil.org/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pwn2Own</a><a href="https://www.bleepingcomputer.com/news/security/hackers-exploit-vmware-esxi-microsoft-sharepoint-zero-days-at-pwn2own/" rel="nofollow noopener" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/hackers-exploit-vmware-esxi-microsoft-sharepoint-zero-days-at-pwn2own/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a>

Hackread.com🚨 Pwn2Own Berlin 2025 so far:• $695,000 awarded over 2 days• 39 zero-days across Windows 11, Red Hat, VMware, SharePoint, Docker & more• AI category sees first-ever successful exploitFinal day is tomorrow (May 17) Total payouts may cross $1M.Read: <a href="https://hackread.com/pwn2own-berlin-2025-windows-11-vmware-firefox-hacked/" rel="nofollow noopener" translate="no" target="_blank">https://hackread.com/pwn2own-berlin-2025-windows-11-vmware-firefox-hacked/</a><a href="https://mstdn.social/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pwn2Own</a> <a href="https://mstdn.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a>

Trend Zero Day InitiativeOutstanding! Nguyen Hoang Thach of STARLabs SG used a single integer overflow to exploit <a href="https://infosec.exchange/tags/VMware" class="mention hashtag" rel="nofollow noopener" target="_blank">#VMware</a> ESXi - a first in <a href="https://infosec.exchange/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pwn2Own</a> history. He earns $150,000 and 15 Master of Pwn points. <a href="https://infosec.exchange/tags/P2OBerlin" class="mention hashtag" rel="nofollow noopener" target="_blank">#P2OBerlin</a>

Trend Zero Day InitiativeConfirmed!! Dinh Ho Anh Khoa of Viettel Cyber Security combined an auth bypass and an insecure deserialization bug to exploit <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> SharePoint. He earns $100,000 and 10 Master of Pwn points. <a href="https://infosec.exchange/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pwn2Own</a> <a href="https://infosec.exchange/tags/P2OBerlin" class="mention hashtag" rel="nofollow noopener" target="_blank">#P2OBerlin</a>

Trend Zero Day InitiativeWe have another bug collision. Mohand Acherir & Patrick Ventuzelo of FuzzingLabs exploited <a href="https://infosec.exchange/tags/NVIDIA" class="mention hashtag" rel="nofollow noopener" target="_blank">#NVIDIA</a> Triton, but the exploit they used was known by the vendor (but unpatched). They still earn $15,000 and 1.5 Master of Pwn points. <a href="https://infosec.exchange/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pwn2Own</a> <a href="https://infosec.exchange/tags/P2OBerlin" class="mention hashtag" rel="nofollow noopener" target="_blank">#P2OBerlin</a>

Trend Zero Day Initiativew00t!! Dinh Ho Anh Khoa of Viettel Cyber Security needed two attempts, but he successfully demonstrated his exploit of <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> SharePoint. If confirmed, he'll win $100,000 for his efforts. Off to the disclosure room! <a href="https://infosec.exchange/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pwn2Own</a> <a href="https://infosec.exchange/tags/P2OBerlin" class="mention hashtag" rel="nofollow noopener" target="_blank">#P2OBerlin</a>

Trend Zero Day InitiativeBoom! Mohand Acherir & Patrick Ventuzelo (@pat_ventuzelo) of FuzzingLabs (@fuzzinglabs) kick off Day Two in style by demonstrating their exploit of <a href="https://infosec.exchange/tags/NVIDIA" class="mention hashtag" rel="nofollow noopener" target="_blank">#NVIDIA</a> Triton. They're off to the disclosure room to see if their exploit is unique. <a href="https://infosec.exchange/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pwn2Own</a> <a href="https://infosec.exchange/tags/P2OBerlin" class="mention hashtag" rel="nofollow noopener" target="_blank">#P2OBerlin</a>

The New Oil<a href="https://mastodon.thenewoil.org/tags/Windows11" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windows11</a> and <a href="https://mastodon.thenewoil.org/tags/RedHat" class="mention hashtag" rel="nofollow noopener" target="_blank">#RedHat</a> <a href="https://mastodon.thenewoil.org/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> hacked on first day of <a href="https://mastodon.thenewoil.org/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pwn2Own</a><a href="https://www.bleepingcomputer.com/news/security/windows-11-and-red-hat-linux-virtualbox-hacked-on-first-day-of-pwn2own/" rel="nofollow noopener" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/windows-11-and-red-hat-linux-virtualbox-hacked-on-first-day-of-pwn2own/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://mastodon.thenewoil.org/tags/FOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#FOSS</a>

Trend Zero Day InitiativeCan't make it to <a href="https://infosec.exchange/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pwn2Own</a> Berlin but want to see what happens during a live attempt? We're streaming two attempts live tomorrow here and on YouTube. Check us out at <a href="https://youtube.com/live/tLTJlWWa2Ws?feature=share" rel="nofollow noopener" translate="no" target="_blank">https://youtube.com/live/tLTJlWWa2Ws?feature=share</a> <a href="https://infosec.exchange/tags/P2oBerlin" class="mention hashtag" rel="nofollow noopener" target="_blank">#P2oBerlin</a>

Trend Zero Day InitiativeIn this behind the scenes look at <a href="https://infosec.exchange/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pwn2Own</a> Berlin, Zed and Dustin have run into an interesting problem - no gear! <a href="https://youtube.com/shorts/Xj9Du8iuXCw?feature=share" rel="nofollow noopener" translate="no" target="_blank">https://youtube.com/shorts/Xj9Du8iuXCw?feature=share</a>

Tom SchusterWe just published my blog post about the recent work on hardening the <a href="https://hachyderm.io/tags/Firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#Firefox</a> frontend against attacks we have seen demonstrated during <a href="https://hachyderm.io/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pwn2Own</a>.<a href="https://attackanddefense.dev/2025/04/09/hardening-the-firefox-frontend-with-content-security-policies.html" rel="nofollow noopener" translate="no" target="_blank">https://attackanddefense.dev/2025/04/09/hardening-the-firefox-frontend-with-content-security-policies.html</a>

Trend Zero Day InitiativeBuilding an electric vehicle simulator to research EVSEs: At <a href="https://infosec.exchange/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pwn2Own</a> Automotive, we built a custom device to let the EV chargers "charge". ZDI researcher Thanos Kaliyanakis explains how to put one together for your research. <a href="https://www.zerodayinitiative.com/blog/2025/3/14/building-an-electric-vehicle-simulator-to-research-evses" rel="nofollow noopener" translate="no" target="_blank">https://www.zerodayinitiative.com/blog/2025/3/14/building-an-electric-vehicle-simulator-to-research-evses</a>

Recent searches

Search options

Administered by:

Server stats:

#pwn2own