On the second day of the Pwn2Own Ireland 2025 competition, security researchers demonstrated 56 previously unknown vulnerabilities, earning a total of $792,750. A notable achievement came from a team that used a chain of five flaws to compromise a Samsung Galaxy S25, winning $50,000. Other targets successfully hacked included QNAP and Synology network storage devices, a Phillips Hue Bridge, and various printers and smart plugs.
The "Summoning Team" currently leads the Master of Pwn leaderboard with 18 points after collecting $167,500 over the first two days. This follows a successful first day where participants uncovered 34 zero-days and were awarded $522,500. The contest, sponsored by companies like Meta, Synology, and QNAP, tests a wide range of products including smartphones, smart home gadgets, and wearables.
The final day will feature another attempt on the Samsung Galaxy S25 and a highly anticipated demonstration of a zero-click WhatsApp exploit with a potential $1 million reward. All discovered vulnerabilities are responsibly disclosed to vendors, who have 90 days to release patches before public disclosure.
Read more...