🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

How China Is Building an Army of Hackers. With commentary from ZDI's Dustin Childs and footage from #Pwn2Own Automotive youtu.be/8kpnSb4yGR0?si… via YouTube

Congrats to Mozilla for being the first vendor to patch their #Pwn2Own bugs. Oh - and go update #Firefox to get the fixes. That's two years in a row Mozilla has been the fastest. Well done!

In a video highlight from Day One of #Pwn2Own Berlin, Team Viettel (VCSLab) targets the #NVIDIA Triton Inference server. youtube.com/shorts/dlPjBPr… #P2OBerlin

In a video highlight from day two of #Pwn2Own Berlin, Mohand Acherir & Patrick Ventuzelo (@pat_ventuzelo) of FuzzingLabs (@fuzzinglabs) exploit the #NVIDIA Triton Inference server youtube.com/shorts/Xuol5l1…

In another video highlight from day two of #Pwn2Own Berlin, Edouard Bochin (Edouard Bochin) and Tao Yan (@Ga1ois) from Palo Alto Networks successfully target Mozilla Firefox. youtube.com/shorts/nu6D9Fs…

In another video highlight from day two of #Pwn2Own Berlin, Gerrard Tai of STAR Labs SG Pte. Ltd takes on Red Heat Linux and explains why his first attempt failed. youtube.com/shorts/vBXACPP…

In another video highlight from day two of #Pwn2Own Berlin, Viettel Cyber Security (VCSLab) used an OOB Write for their Guest-to-Host escape on Oracle VirtualBox on their second attempt. youtube.com/shorts/cczvmsb…

In a video highlight from day three of #Pwn2Own Berlin, Manfred Paul takes on Mozilla Firefox (and his own nerves). youtube.com/shorts/Xe9ROvp…

In another video highlight from day three of #Pwn2Own Berlin, Nir Ohfeld (Nir Ohfeld) & Shir Tamari (Shir) of Wiz Research target NVIDIA Container Toolkit. They also talk about how long they researched the bug they used. youtube.com/shorts/iapJlDW…

In another video highlight from day three of #Pwn2Own Berlin, Dung and Nguyen (Mochi Nishimiya) of STARLabs take on Oracle VirtualBox - and they add on a Windows kernel LPE to completely take over the system. youtube.com/shorts/vLZLAVj…

Demonstrating CVE-2025-4919: Now that it's patched, we can show you how Manfred Paul used this code execution bug in the renderer of #Mozilla Firefox to win $50,000. youtu.be/TG029NAGKs0 #Pwn2Own #P2OBerlin

[ZDI-25-325|CVE-2025-37099] Hewlett Packard Enterprise Insight Remote Support processAttachmentDataStream Directory Traversal Remote Code Execution Vulnerability (CVSS 9.8) zerodayinitiative.com/advisories/ZDI…

[ZDI-25-326|CVE-2025-5747] (0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability (CVSS 8.0; Credit: PHP Hooligans) zerodayinitiative.com/advisories/ZDI…

[ZDI-25-327|CVE-2025-5748] (0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger LAN OTA Exposed Dangerous Method Remote Code Execution Vulnerability (CVSS 8.0; Credit: Sina Kheirkhah (SinSinology) of Summoning Team (SummoningTeam)) zerodayinitiative.com/advisories/ZDI…

[ZDI-25-328|CVE-2025-5749] (0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger BLE Encryption Keys Uninitialized Variable Authentication Bypass Vulnerability (CVSS 6.3; Credit: Tobias Scharnowski, Felix Buchmann, and Kristian Covic of fuzzware.io) zerodayinitiative.com/advisories/ZDI…

[ZDI-25-329|CVE-2025-5750] (0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability (CVSS 8.8; Credit: Rafal Goryl of PixiePoint Security) zerodayinitiative.com/advisories/ZDI…

[ZDI-25-330|CVE-2025-5751] (0Day) (Pwn2Own) WOLFBOX Level 2 EV Charger Management Card Hard-coded Credentials Authentication Bypass Vulnerability (CVSS 4.6; Credit: Sina Kheirkhah (SinSinology) of Summoning Team (SummoningTeam)) zerodayinitiative.com/advisories/ZDI…

It's a mild release from #Microsoft and a record-breaking release from #Adobe. There's a single 0-day to deal with in WEBDAV and, as always, a few deployment challenges. The Dustin Childs provides all the details at zerodayinitiative.com/blog/2025/6/10…

No time to read the blog? Just want the highlights of what to prioritize (and what to look out for)? Check out the Patch Report for the June Patch Tuesday release. The Dustin Childs provides all the details, including a silent patch from last month. youtu.be/5RJqjm6VpQg

Extracting Embedded MultiMediaCard (eMMC) contents in-system. ZDI researcher Dmitry Janushkevich details how to interact with an eMMC chip and notes some pitfalls you may encounter on the way. zerodayinitiative.com/blog/2025/6/18…