CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

73 Zero-day Vulnerabilities Exploited in Pwn2Own Ireland 2025

First reported
Last updated
1 unique sources, 3 articles

Summary

Hide ▲

The Pwn2Own Ireland 2025 hacking competition concluded with security researchers collecting $1,024,750 in cash awards after exploiting 73 zero-day vulnerabilities. The event, held in Cork, Ireland, targeted vulnerabilities in various devices, including smartphones, messaging apps, smart home devices, printers, and more. The Zero Day Initiative (ZDI) operates the event to identify security flaws before threat actors can exploit them. Summoning Team won the competition with 22 Master of Pwn points and $187,500 earned throughout the three-day event. Team ANHTUD secured the second position with $76,750 and 11.5 Master of Pwn points, while Team Synactiv took third place with $90,000 in prizes and 11 Master of Pwn points. The event featured eight categories, including new attack vectors for mobile devices, and offered a $1 million reward for a zero-click WhatsApp exploit. On the first day, researchers demoed 34 unique zero-days and collected $522,500 in cash awards. Team DDOS chained eight zero-day flaws to hack a QNAP Qhora-322 Ethernet wireless router and gain access to a QNAP TS-453E NAS device, earning $100,000. On the second day, researchers exploited 56 unique zero-day vulnerabilities and collected $792,750 in cash awards. Ken Gannon and Dimitrios Valsamaras hacked the Samsung Galaxy S25, earning $50,000 and 5 Master of Pwn points. On the third day, the Samsung Galaxy S25 was hacked by Interrupt Labs via an improper input validation bug, earning 5 Master of Pwn points and $50,000.

Timeline

  1. 24.10.2025 09:36 1 articles · 23h ago

    73 Zero-day Vulnerabilities Exploited in Pwn2Own Ireland 2025

    The Pwn2Own Ireland 2025 hacking competition concluded with security researchers collecting $1,024,750 in cash awards after exploiting 73 zero-day vulnerabilities. Summoning Team won the competition with 22 Master of Pwn points and $187,500 earned throughout the three-day event. Team ANHTUD secured the second position with $76,750 and 11.5 Master of Pwn points, while Team Synactiv took third place with $90,000 in prizes and 11 Master of Pwn points. On the third day, the Samsung Galaxy S25 was hacked by Interrupt Labs via an improper input validation bug, earning 5 Master of Pwn points and $50,000. Team Z3 withdrew from demonstrating a WhatsApp Zero-Click remote code execution zero-day, choosing to disclose their findings privately to ZDI analysts.

    Show sources
    Open in new tab
  2. 22.10.2025 21:52 2 articles · 2d ago

    56 Zero-day Vulnerabilities Exploited on Second Day of Pwn2Own Ireland 2025

    On the second day, researchers exploited 56 unique zero-day vulnerabilities and collected $792,750 in cash awards. Ken Gannon and Dimitrios Valsamaras hacked the Samsung Galaxy S25, earning $50,000 and 5 Master of Pwn points. Summoning Team remains at the top of the leaderboard with 18 points.

    Show sources
    Open in new tab
  3. 21.10.2025 20:06 3 articles · 3d ago

    34 Zero-day Vulnerabilities Exploited on First Day of Pwn2Own Ireland 2025

    On the first day of Pwn2Own Ireland 2025, hackers exploited 34 unique zero-days and collected $522,500 in cash awards. Team DDOS chained eight zero-day flaws to hack a QNAP Qhora-322 Ethernet wireless router and gain access to a QNAP TS-453E NAS device, earning $100,000. The Summoning Team won a total of $102,500 and leads the Master of Pwn leaderboard with 11.5 points.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Apple increases bug bounty payouts for zero-click RCE vulnerabilities

Apple has expanded and redesigned its bug bounty program, doubling maximum payouts and adding new research categories. The highest reward is now $2 million for zero-click remote code execution (RCE) vulnerabilities, with a bonus system that can exceed $5 million. The program now includes higher payouts for various types of vulnerabilities, including one-click remote attacks, wireless proximity attacks, and unauthorized iCloud access. Apple also plans to distribute secured iPhone 17 devices to civil society organizations and researchers in 2026. The changes aim to incentivize the discovery and reporting of sophisticated security issues, particularly those exploited by mercenary spyware. The program has awarded $35 million to 800 security researchers since its inception in 2020. The expansion includes a $100,000 reward for a complete Gatekeeper bypass and a $1 million reward for broad unauthorized iCloud access. Apple's latest bug bounty announcement is a response to the growth of commercial spyware activity, with the UK’s National Cyber Security Centre (NCSC) estimating that the commercial cyber intrusion sector doubles every 10 years.

Open in new tab