#pwn2own

CODE WHITE GmbH<p>We have reproduced "ToolShell", the unauthenticated exploit chain for CVE-2025-49706 + CVE-2025-49704 used by <span class="h-card" translate="no"><a href="https://bird.makeup/users/_l0gg" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>_l0gg</span></a></span> to pop SharePoint at <a href="https://infosec.exchange/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwn2Own</span></a> Berlin 2025, it's really just one request! Kudos to <span class="h-card" translate="no"><a href="https://infosec.exchange/@mwulftange" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mwulftange</span></a></span></p>
Marcel SIneM(S)US<p>Somehow I don't understand the problem: why is something being COPIED to a speaker? 🤔 It is "only" streamed, after all :mastoshrug: </p><p><a href="https://social.tchncs.de/tags/Sonos" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sonos</span></a> speakers: Another <a href="https://social.tchncs.de/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwn2Own</span></a> vulnerability patched | Security <a href="https://www.heise.de/news/Sonos-Lautsprecher-Weitere-Pwn2Own-Luecke-gestopft-10423249.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/Sonos-Lautsprech</span><span class="invisible">er-Weitere-Pwn2Own-Luecke-gestopft-10423249.html</span></a> <a href="https://social.tchncs.de/tags/Patchday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Patchday</span></a></p>
IT Insights<p>Hackers earn €435,000 through exploits in SharePoint and VMware at Pwn2Own 2025! Cybersecurity remains crucial. <a href="https://mastodon.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mastodon.social/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwn2Own</span></a>&nbsp;<br><a href="https://itinsights.nl/cybersecurity/hackers-kraken-sharepoint-en-vmware-e435-000-buit/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">itinsights.nl/cybersecurity/ha</span><span class="invisible">ckers-kraken-sharepoint-en-vmware-e435-000-buit/</span></a></p>
Trend Zero Day Initiative<p>Demonstrating CVE-2025-4919: Now that it's patched, we can show you how Manfred Paul used this code execution bug in the renderer of <a href="https://infosec.exchange/tags/Mozilla" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mozilla</span></a> Firefox to win $50,000. <a href="https://youtu.be/TG029NAGKs0" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/TG029NAGKs0</span><span class="invisible"></span></a> <a href="https://infosec.exchange/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwn2Own</span></a> <a href="https://infosec.exchange/tags/P2OBerlin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>P2OBerlin</span></a></p>
Tom Schuster<p>We now have evidence that the strict Content-Security-Policy we added to the <a href="https://hachyderm.io/tags/Firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firefox</span></a> frontend for hardening purposes prevented a Pwn2Own participant from escaping the sandbox! Definitely validates our approach.</p><p><a href="https://blog.mozilla.org/security/2025/05/17/firefox-security-response-to-pwn2own-2025/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.mozilla.org/security/2025</span><span class="invisible">/05/17/firefox-security-response-to-pwn2own-2025/</span></a></p><p>P.S: Nice work from everyone for being the fastest to ship a fix for the <a href="https://hachyderm.io/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwn2Own</span></a> findings again.</p>
Trend Zero Day Initiative<p>In another video highlight from day three of <a href="https://infosec.exchange/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwn2Own</span></a> Berlin, Dung and Nguyen of STARLabs take on Oracle VirtualBox - and they add on a Windows kernel LPE to completely take over the system. <a href="https://youtube.com/shorts/vLZLAVjCaIY" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtube.com/shorts/vLZLAVjCaIY</span><span class="invisible"></span></a></p>
Trend Zero Day Initiative<p>In another video highlight from day three of <a href="https://infosec.exchange/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwn2Own</span></a> Berlin, Nir Ohfeld &amp; Shir Tamari of Wiz Research target NVIDIA Container Toolkit. They also talk about how long they researched the bug they used. <a href="https://youtube.com/shorts/iapJlDWMP18" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtube.com/shorts/iapJlDWMP18</span><span class="invisible"></span></a></p>
Trend Zero Day Initiative<p>In a video highlight from day three of <a href="https://infosec.exchange/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwn2Own</span></a> Berlin, Manfred Paul takes on Mozilla Firefox (and his own nerves). <a href="https://youtube.com/shorts/Xe9ROvpsqwU" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtube.com/shorts/Xe9ROvpsqwU</span><span class="invisible"></span></a></p>
Trend Zero Day Initiative<p>In another video highlight from day two of <a href="https://infosec.exchange/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwn2Own</span></a> Berlin, Viettel Cyber Security used an OOB Write for their Guest-to-Host escape on Oracle VirtualBox on their second attempt. <a href="https://youtube.com/shorts/cczvmsbAeq0" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtube.com/shorts/cczvmsbAeq0</span><span class="invisible"></span></a></p>
Trend Zero Day Initiative<p>In another video highlight from day two of <a href="https://infosec.exchange/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwn2Own</span></a> Berlin, Gerrard Tai of STAR Labs SG Pte. Ltd takes on Red Hat Linux and explains why his first attempt failed. <a href="https://youtube.com/shorts/vBXACPP9D-0" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtube.com/shorts/vBXACPP9D-0</span><span class="invisible"></span></a></p>
Trend Zero Day Initiative<p>In another video highlight from day two of <a href="https://infosec.exchange/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwn2Own</span></a> Berlin, Edouard Bochin and Tao Yan from Palo Alto Networks successfully target Mozilla Firefox. <a href="https://youtube.com/shorts/nu6D9Fs3otM" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtube.com/shorts/nu6D9Fs3otM</span><span class="invisible"></span></a></p>
Trend Zero Day Initiative<p>In a video highlight from day two of <a href="https://infosec.exchange/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwn2Own</span></a> Berlin, Mohand Acherir &amp; Patrick Ventuzelo of FuzzingLabs exploit the <a href="https://infosec.exchange/tags/NVIDIA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NVIDIA</span></a> Triton Inference server <a href="https://youtube.com/shorts/Xuol5l1GupA" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtube.com/shorts/Xuol5l1GupA</span><span class="invisible"></span></a></p>
Trend Zero Day Initiative<p>In a video highlight from Day One of <a href="https://infosec.exchange/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwn2Own</span></a> Berlin, Team Viettel targets the <a href="https://infosec.exchange/tags/NVIDIA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NVIDIA</span></a> Triton Inference server. <a href="https://youtube.com/shorts/dlPjBPr1E5o" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtube.com/shorts/dlPjBPr1E5o</span><span class="invisible"></span></a> <a href="https://infosec.exchange/tags/P2OBerlin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>P2OBerlin</span></a></p>
Neodyme<p>At <a href="https://infosec.exchange/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwn2Own</span></a> Ireland 2024, we successfully targeted the SOHO Smashup category. 🖨️ </p><p>Starting with a QNAP QHora-322 NAS, we pivoted to the Canon imageCLASS MF656Cdw - and ended with shellcode execution after MMU reconfiguration on the RTOS.</p><p>Read the full vulnerability deep dive here 👉 <a href="https://neodyme.io/en/blog/pwn2own-2024_canon_rce/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">neodyme.io/en/blog/pwn2own-202</span><span class="invisible">4_canon_rce/</span></a></p>
Trend Zero Day Initiative<p>Congrats to <span class="h-card" translate="no"><a href="https://mastodon.social/@mozilla" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mozilla</span></a></span> for being the first vendor to patch their <a href="https://infosec.exchange/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwn2Own</span></a> bugs. Oh - and go update <a href="https://infosec.exchange/tags/Firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firefox</span></a> to get the fixes. That's two years in a row Mozilla has been the fastest. Well done!</p>
Trend Zero Day Initiative<p>How China Is Building an Army of Hackers. With commentary from ZDI's Dustin Childs and footage from <a href="https://infosec.exchange/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwn2Own</span></a> Automotive <a href="https://youtu.be/8kpnSb4yGR0?si=JxoohyErJkcRXZD5" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">youtu.be/8kpnSb4yGR0?si=Jxoohy</span><span class="invisible">ErJkcRXZD5</span></a> via @YouTube</p>
nemo™ 🇺🇦<p>🚨 Firefox just patched 2 critical zero-days exploited at <a href="https://mas.to/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwn2Own</span></a> Berlin! 🦊💻 Hackers earned $100K for finding flaws that could expose sensitive data or enable code execution. Users are urged to update ASAP for protection! 🔒 Read more: <a href="https://thehackernews.com/2025/05/firefox-patches-2-zero-days-exploited.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2025/05/fire</span><span class="invisible">fox-patches-2-zero-days-exploited.html</span></a> <a href="https://mas.to/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mas.to/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroDay</span></a> <a href="https://mas.to/tags/Firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firefox</span></a> <a href="https://mas.to/tags/PatchNow" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PatchNow</span></a> <a href="https://mas.to/tags/newz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>newz</span></a></p>
Marcel SIneM(S)US<p><a href="https://social.tchncs.de/tags/Firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firefox</span></a> :firefox: : <a href="https://social.tchncs.de/tags/Mozilla" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mozilla</span></a> closes security vulnerabilities from the <a href="https://social.tchncs.de/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwn2Own</span></a> hacking contest | Security <a href="https://www.heise.de/news/Firefox-Mozilla-schliesst-Sicherheitsluecken-aus-Pwn2Own-Hacker-Wettbewerb-10389266.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/Firefox-Mozilla-</span><span class="invisible">schliesst-Sicherheitsluecken-aus-Pwn2Own-Hacker-Wettbewerb-10389266.html</span></a> <a href="https://social.tchncs.de/tags/Patchday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Patchday</span></a> <a href="https://social.tchncs.de/tags/Browser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Browser</span></a> <a href="https://social.tchncs.de/tags/Webbrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Webbrowser</span></a></p>
Trend Zero Day Initiative<p><a href="https://infosec.exchange/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwn2Own</span></a> Berlin 2025 is complete! In total, we awarded $1,078,750 for 28 unique 0-days. Join Brian Gorenc and Dustin Childs as they recap the highlights (and some lowlights) from this year's event. <a href="https://youtu.be/G7McB7L7sIs" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/G7McB7L7sIs</span><span class="invisible"></span></a> <a href="https://infosec.exchange/tags/P2OBerlin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>P2OBerlin</span></a></p>
Marcel SIneM(S)US<p><a href="https://social.tchncs.de/tags/Pwn2Own" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwn2Own</span></a> Berlin: Overall victory goes to Singapore, more than one million in total prize money | Security <a href="https://www.heise.de/news/Pwn2Own-Berlin-Gesamtsieg-geht-an-Singapur-ueber-eine-Million-Gesamt-Preisgeld-10387932.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/Pwn2Own-Berlin-G</span><span class="invisible">esamtsieg-geht-an-Singapur-ueber-eine-Million-Gesamt-Preisgeld-10387932.html</span></a> <a href="https://social.tchncs.de/tags/Hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hacking</span></a> <a href="https://social.tchncs.de/tags/exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exploit</span></a> <a href="https://social.tchncs.de/tags/Pwn2Own2025" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwn2Own2025</span></a></p>