Second Pwn2Own Automotive Contest Offers Over $1 Million in Prizes

September 25, 2024 at 07:18AM Ethical hackers can win over $1 million in cash and prizes at Pwn2Own Automotive 2025 in Tokyo, Japan. The competition includes hacking Tesla vehicles, in-vehicle infotainment systems, electric vehicle chargers, and operating systems, with prizes up to $500,000 for demonstrated vulnerabilities. Interested participants can find the full rules and registration …

Exploit code released for critical Ivanti RCE flaw, patch now

September 16, 2024 at 03:12PM Exploit code for a critical remote code execution (RCE) vulnerability, CVE-2024-29847, in Ivanti Endpoint Manager was publicly released by security researcher Sina Kheirkhah. The flaw allows a remote attacker to execute arbitrary operations and should be patched immediately with the security update released in September 2024. Additionally, other Ivanti vulnerabilities are …

Progress Patches Critical Vulnerability in Telerik Report Server

June 4, 2024 at 08:39AM A critical vulnerability (CVE-2024-4358, CVSS 9.8) in Progress Software’s Telerik Report Server allows remote attackers to bypass authentication, creating an admin user. An exploited deserialization flaw (CVE-2024-1800) enables remote code execution. Progress addressed both vulnerabilities in version 2024 Q1 (10.0.24.305). Users should update promptly to prevent exploitation. Based on the …

Microsoft Has Yet to Patch 7 Pwn2Own Zero-Days

May 17, 2024 at 08:09AM Seven Windows privilege escalation vulnerabilities discovered at Pwn2Own 2024 remain unpatched by Microsoft, with only one fix issued so far. Trend Micro’s Zero Day Initiative, which oversees Pwn2Own, notes the potential threat these bugs pose. Microsoft’s lag in resolving these issues contrasts with prompt actions by other tech companies, prompting …

Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own

May 14, 2024 at 11:59AM Apple released security updates to address the CVE-2024-27834 zero-day vulnerability in Safari. The flaw was exploited during Pwn2Own Vancouver, earning the discoverer $60,000. The update is available for macOS Monterey and macOS Ventura, with instructions to update Safari separately from the operating system. Pwn2Own Vancouver 2024 resulted in $1,132,500 in …

Canon Patches 7 Critical Vulnerabilities in Small Office Printers

February 6, 2024 at 09:00AM Canon announced software updates to patch seven critical vulnerabilities impacting small office printer models. These buffer overflow bugs can be exploited for remote code execution or to cause unresponsiveness. The flaws, with a CVSS score of 9.8, affect various printer components and specific models globally. Customers are advised to install …

Pwn2Own Automotive: Hackers Earn Over $700k for Tesla, EV Charger, Infotainment Exploits

January 24, 2024 at 11:18AM The Pwn2Own Automotive hacking contest saw participants earn over $700,000 by hacking a Tesla, electric vehicle chargers, and infotainment systems. Rewards ranged from $16,000 to $195,000 for various exploits. The event, organized by Trend Micro’s Zero Day Initiative, will continue with more hacking attempts targeting chargers, infotainment systems, and a …

New year, new bugs in Windows, Adobe, Android, more to be fixed

January 9, 2024 at 05:35PM Microsoft’s recent Patch Tuesday brought 49 Windows security updates and fixes for four high-severity Chrome flaws in Edge. Although there’s no active exploitation, two critical CVEs are listed as “exploitation more likely.” Adobe and SAP also released patches for their products, while Google’s Android Security Bulletin addressed 59 CVEs. No prior exploits …

Microsoft Says Exchange ‘Zero Days’ Disclosed by ZDI Already Patched or Not Urgent

November 6, 2023 at 05:24AM Microsoft has confirmed that the four Exchange vulnerabilities disclosed by Trend Micro’s Zero Day Initiative (ZDI) either have been patched or do not require immediate attention. ZDI had identified the high-severity vulnerabilities but clarified that they are not actual zero-days and have not been exploited in the wild. Microsoft stated …

Hackers Earn $350k on Second Day at Pwn2Own Toronto 2023

October 26, 2023 at 12:57PM Hackers at the Pwn2Own Toronto 2023 competition earned a total of $350,000 in rewards on the second day. Devices such as NAS devices, printers, smart speakers, mobile phones, and routers were successfully exploited. The highest reward of $100,000 went to Chris Anastasio for vulnerabilities in the TP-Link Omada Gigabit router …