675 matches found
Pwn2Own Berlin 2026: On the Ground With TrendAI™ ZDI's Biggest AI Showdown Yet
47 zero-days fell at Pwn2Own Berlin 2026 for US$1,298,250 in payouts. TrendAI™ was on the ground all three days — here's what we saw...
ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
This week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust. That is what makes it worrying. The...
Pwn2Own Berlin 2026 Closes With $1.3 Million in Zero-Day Payouts
Cybersecurity researchers successfully demonstrated 47 unique zero-day exploits at Pwn2Own Berlin 2026, targeting major enterprise software and AI platforms...
Pwn2Own Berlin 2026 Hits Capacity as Rejected Hackers Release 0-Days
Pwn2Own Berlin 2026 reportedly reached full capacity for the first time, prompting rejected researchers to publicly disclose zero-day exploits targeting Firefox, NVIDIA, and AI platforms...
PT-2026-23780
Name of the Vulnerable Software and Affected Versions Philips Hue Bridge versions affected versions not specified Description A flaw exists in the Philips Hue Bridge’s hk hap component related to Ed25519 signature verification. This issue allows for authentication bypass. The vulnerability was...
(Pwn2Own) Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the HomeKit Accessory Protocol service, which listens o...
PT-2026-23773
Name of the Vulnerable Software and Affected Versions Philips Hue Bridge affected versions not specified Description The Philips Hue Bridge contains a heap-based buffer overflow in the Zigbee stack’s custom command handler. This issue allows for remote code execution. The vulnerability was...
PT-2026-23774
Name of the Vulnerable Software and Affected Versions Philips Hue Bridge affected versions not specified Description The Philips Hue Bridge is susceptible to a heap-based buffer overflow during the HomeKit pair-setup process. This issue could allow for remote code execution. The vulnerability was...
Pwn2Own: Researchers Earn $1 Million for 76 Zero-Days
Discover how TrendAI Zero Day Initiative ZDI identified critical vulnerabilities across connected vehicles, EV chargers, and automotive systems...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001567)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001567 advisory. The xfrmreplayverifylen function in net/xfrm/xfrmuser.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRMMSGNEWAE update, which...
PT-2025-46143
Name of the Vulnerable Software and Affected Versions HBS 3 Hybrid Backup Sync versions prior to 26.2.0.938 Description An external control of file name or path issue exists in HBS 3 Hybrid Backup Sync. An attacker with local network access can potentially read or modify files and directories...
PT-2025-46327
Name of the Vulnerable Software and Affected Versions Synology BeeStation OS versions prior to 1.3.2-65648 Description The Synology BeeStation OS contains a stack-based buffer overflow issue that allows for remote code execution. The flaw resides in the auth info component and can be exploited to...
PT-2025-46141
Name of the Vulnerable Software and Affected Versions Hyper Data Protector versions prior to 2.2.4.1 Description An SQL injection issue exists in Hyper Data Protector. Successful exploitation could allow remote attackers to execute unauthorized code or commands. Recommendations Update to Hyper Da...
PT-2025-46139
Name of the Vulnerable Software and Affected Versions Malware Remover versions prior to 6.6.8.20251023 Description An improper control of generation of code issue exists in Malware Remover, potentially allowing remote attackers to bypass protection mechanisms. Recommendations Update to Malware...
Pwn2Own Ireland 2025: The Hacks, The Winners, and The Big Payouts
Hackers earned over $1 million at Pwn2Own Ireland 2025 in Cork, breaching printers, routers, NAS devices, and more as Summoning Team claimed Master of Pwn...
Rapid7 at Pwn2Own: Raising the Bar in Vuln Intel
As the 2025 edition of Pwn2Own Ireland draws to a close, we are taking a beat to reflect on Rapid7’s participation and achievements, both this year and last, in the world of competitive zero day exploit development. Pwn2Own is a zero day exploit competition run by the Zero Day Initiative ZDI and...
RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits
Trend™ Research and ZDI Threat Hunters have identified a large-scale RondoDox botnet campaign exploiting over 50 vulnerabilities across more than 30 vendors, including flaws first seen in Pwn2Own contests...
EUVD-2019-19173
Malware in sbrugna...
EUVD-2014-0543
Malware in sbrugna...
EUVD-2017-16222
Malware in sbrugna...