Nitesh Surana (@_niteshsurana)'s Twitter Profile
Nitesh Surana

@_niteshsurana

Examining Cloud w/ Trend Micro | Top 10 Microsoft MVRs 2024 | Black Hat USA/Asia Speaker | Opinions/retweets != official endorsements | If you can, be kind ♥️☮️

ID: 1548059695679606791

Website: http://niteshsurana.com | Joined: 15-07-2022 21:39:41

381 Tweets

654 Followers

984 Following

Tushar Kulkarni (@vk_tushar):

Looking for peeps interested in organizing a village for an upcoming conference, if you are around Chicago or in the Midwest. HMU please. #Security #APISecurity #CyberSecurity #Chicago #Infosec

TheZDIBugs (@thezdibugs):

[ZDI-25-205] Amazon AWS CloudFormation Templates Uncontrolled Search Path Element Remote Code Execution Vulnerability (CVSS 9.8; Credit: Nitesh Surana (Nitesh Surana) of Trend Micro Research) zerodayinitiative.com/advisories/ZDI…

TheZDIBugs (@thezdibugs):

[ZDI-25-206] Amazon AWS CloudFormation Templates Uncontrolled Search Path Element Remote Code Execution Vulnerability (CVSS 9.8; Credit: Nitesh Surana (Nitesh Surana) of Trend Micro Research) zerodayinitiative.com/advisories/ZDI…

Trend Zero Day Initiative (@thezdi):

Nicely done! Billy (Billy) and Ramdhan (Ramdhan) of STAR Labs used a UAF to perform their Docker Desktop escape and execute code on the underlying OS. They earn $60,000 and 6 Master of Pwn Points.

Trend Zero Day Initiative (@thezdi):

Amazing! Nir Ohfeld (Nir Ohfeld) and Shir Tamari (Shir) of Wiz Research used an External Initialization of Trusted Variables bug to exploit the #NVIDIA Container Toolkit. This unique bug earns them $30,000 and 3 Master of Pwn points.

Trend Zero Day Initiative (@thezdi):

Pwn2Own Berlin 2025 comes to a close. We awarded $1,078,750 for 28 unique 0-days. Congrats to starlabs for winning Master of Pwn with $320,000. Thanks to offensivecon for hosting, and thanks to all who participated. Can't wait to see you next year! #Pwn2Own #P2OBerlin

Trend Zero Day Initiative (@thezdi):

It's a mild release from #Microsoft and a record-breaking release from #Adobe. There's a single 0-day to deal with in WEBDAV and, as always, a few deployment challenges. Dustin Childs provides all the details at zerodayinitiative.com/blog/2025/6/10…

Trend Zero Day Initiative (@thezdi):

CVE-2025-20281: Cisco ISE API Unauthenticated Remote Code Execution Vulnerability: Trend ZDI analyst Bobby Gould details this bug and another that may be a dupe. He also shows how it can be exploited. zerodayinitiative.com/blog/2025/7/24…

Nitesh Surana (@_niteshsurana):

I’m stoked to be presenting at fwd:cloudsec EU, along with William Gamazo Sanchez, on the broken threads of the cloud spider web. We’ll be showcasing real-world impact of cloud resource takeovers and cloud-powered supply chain attacks. fwdcloudsec.org/conference/eur…

TheZDIBugs (@thezdibugs):

[ZDI-25-858] Axis Communications Autodesk Plugin AzureBlobRestAPI axiscontentfiles Remote Code Execution Vulnerability (CVSS 8.8; Credit: Nitesh Surana (Nitesh Surana) of Trend Micro Research) zerodayinitiative.com/advisories/ZDI…

POC_Crew 👨‍👩‍👦‍👦 (@poc_crew):

[POC2025] KEYNOTE SPEAKER UPDATE

👤 Brian Gorenc (Brian Gorenc) – "From Buffer Overflows to Breaking AI: Two Decades of ZDI Vulnerability Research"

ZDI (Trend Zero Day Initiative) also stands with their 20 years!
Now AI finds 0days—
but the bugs? still the same old mess.

#POC2025

Trend Zero Day Initiative (@thezdi):

Crafting a Full Exploit RCE from a Crash in Autodesk Revit RFA File Parsing: Trend ZDI researcher Simon Zuckerbraun shows how to go from a crash to a full exploit - & he provides you tools to do the same, including his technique used to get ROP execution. zerodayinitiative.com/blog/2025/10/6…

Nitesh Surana (@_niteshsurana):

Definitely one of the most beautiful things ever created! Let’s now give them wings :) Head over to our blog to know how the exposure of cloud credentials could have enabled a supply chain attack on select users, had this very vulnerability been abused: trendmicro.com/en_us/research…