Trend Zero Day Initiative
@thezdi.bsky.social
Trend Zero Day Initiative™ (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.
$1,024,750 - 73 unique bugs - a week of amazing research on display. #Pwn2Own Ireland had it all. Success. Failure. Intrigue. You name it. Congratulations to the Master of Pwn winners @SummoningTeam! Their outstanding work earned them $187,500 and 22 point. See you in Tokyo for Pwn2Own Automotive.
October 24, 2025 at 10:49 AM
$1,024,750 - 73 unique bugs - a week of amazing research on display. #Pwn2Own Ireland had it all. Success. Failure. Intrigue. You name it. Congratulations to the Master of Pwn winners @SummoningTeam! Their outstanding work earned them $187,500 and 22 point. See you in Tokyo for Pwn2Own Automotive.
We have another collision! Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS used a single bug to exploit the QNAP TS-453E, but the bug has been previously seen in the contest. Their work still earns them $10,000 and 2 Master of Pwn points. #Pwn2Own
October 23, 2025 at 3:34 PM
We have another collision! Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS used a single bug to exploit the QNAP TS-453E, but the bug has been previously seen in the contest. Their work still earns them $10,000 and 2 Master of Pwn points. #Pwn2Own
Confirmed! Team Viettel Cyber Security used a crypto bypass and a heap overflow to exploit the Phillips Hue Bridge. They earn $20,000 and 4 Master of Pwn points, which catapults them in the Top 5. It also puts us over $1,000,000 for the contest! #Pwn2Own
October 23, 2025 at 3:28 PM
Confirmed! Team Viettel Cyber Security used a crypto bypass and a heap overflow to exploit the Phillips Hue Bridge. They earn $20,000 and 4 Master of Pwn points, which catapults them in the Top 5. It also puts us over $1,000,000 for the contest! #Pwn2Own
We have another collision. Evan Grant used a single bug to exploit the QNAP TS-453E, but, unfortunately, it had been used earlier in the contest. He still earns $10,000 and 2 Master of Pwn points. #Pwn2Own
October 23, 2025 at 3:04 PM
We have another collision. Evan Grant used a single bug to exploit the QNAP TS-453E, but, unfortunately, it had been used earlier in the contest. He still earns $10,000 and 2 Master of Pwn points. #Pwn2Own
Another collision: the Thalium team from Thales Group needed 3 bugs to exploit the Phillips Hue Bridge, but only their heap based buffer overflow was unique. The others were seen earlier in the contest. They still earn $13,500 and 2.75 Master of Pwn points. #Pwn2Own
October 23, 2025 at 2:19 PM
Another collision: the Thalium team from Thales Group needed 3 bugs to exploit the Phillips Hue Bridge, but only their heap based buffer overflow was unique. The others were seen earlier in the contest. They still earn $13,500 and 2.75 Master of Pwn points. #Pwn2Own
Confirmed (with style!) - Interrupt Labs combined a path traversal and an untrusted search path bug to exploit the Lexmark CX532adwe. They got a reverse shell and loaded Doom on the LCD. We couldn't play it though :-[ Still awesome to see. #Pwn2Own
October 23, 2025 at 2:07 PM
Confirmed (with style!) - Interrupt Labs combined a path traversal and an untrusted search path bug to exploit the Lexmark CX532adwe. They got a reverse shell and loaded Doom on the LCD. We couldn't play it though :-[ Still awesome to see. #Pwn2Own
Verified! Team @neodyme.io used a single integer overflow to exploit the Canon imageCLASS MF654Cdw. Their unique bugs earns them $10,000 for the 8th round win and 2 Master of Pwn points. #Pwn2Own
October 23, 2025 at 1:56 PM
Verified! Team @neodyme.io used a single integer overflow to exploit the Canon imageCLASS MF654Cdw. Their unique bugs earns them $10,000 for the 8th round win and 2 Master of Pwn points. #Pwn2Own
We have another collision. Team Viettel used two bugs to exploit the Lexmark CX532adwe. While their heap based buffer over was unique, the other bug has been seen earlier in the contest. They still earn $7,500 and 1.5 Master of Pwn points. #Pwn2Own
October 23, 2025 at 1:52 PM
We have another collision. Team Viettel used two bugs to exploit the Lexmark CX532adwe. While their heap based buffer over was unique, the other bug has been seen earlier in the contest. They still earn $7,500 and 1.5 Master of Pwn points. #Pwn2Own
Confirmed! Sina Kheirkhah of Summoning Team used a hard-coded cred and an injection to take over the QNAP TS-453E. These unique bugs earn him $20,000 and 4 Master of Pwn points. #Pwn2Own
October 23, 2025 at 1:44 PM
Confirmed! Sina Kheirkhah of Summoning Team used a hard-coded cred and an injection to take over the QNAP TS-453E. These unique bugs earn him $20,000 and 4 Master of Pwn points. #Pwn2Own
Confirmed! David Berard of @synacktiv.com used a pair of bugs to exploit the Ubiquiti AI Pro in the Surveillance Systems category. The impressive display (incl. a round of Baby Shark) earns him $30,000 and 3 Master of Pwn Points. #Pwn2Own
October 23, 2025 at 1:31 PM
Confirmed! David Berard of @synacktiv.com used a pair of bugs to exploit the Ubiquiti AI Pro in the Surveillance Systems category. The impressive display (incl. a round of Baby Shark) earns him $30,000 and 3 Master of Pwn Points. #Pwn2Own
Confirmed (w/ a dupe)! Yannik Marchand (kinnay) used 3 bugs -incl. an Incorrect Implementation of Authentication Algorithm- to exploit the Phillips Hue Bridge but 2 bugs collided w/ bugs seen previously in the contest. He still earns $13,333 & 2.67 Master of Pwn points. Not bad for his 1st #Pwn2Own
October 23, 2025 at 11:44 AM
Confirmed (w/ a dupe)! Yannik Marchand (kinnay) used 3 bugs -incl. an Incorrect Implementation of Authentication Algorithm- to exploit the Phillips Hue Bridge but 2 bugs collided w/ bugs seen previously in the contest. He still earns $13,333 & 2.67 Master of Pwn points. Not bad for his 1st #Pwn2Own
Another big confirmation! Ben R. And Georgi G. of Interrupt Labs used an improper input validation bug to take over the Samsung Galaxy S25 - enabling the camera and location tracking in the process. They earn $50,000 and 5 Master of Pwn points. #Pwn2Own
October 23, 2025 at 11:06 AM
Another big confirmation! Ben R. And Georgi G. of Interrupt Labs used an improper input validation bug to take over the Samsung Galaxy S25 - enabling the camera and location tracking in the process. They earn $50,000 and 5 Master of Pwn points. #Pwn2Own
Confirmed! Chris Anastasio of Team Cluck used a single type confusion bug to exploit the Lexmark CX532adwe printer. He earns himself $20,000 and 2 Master of Pwn points. #Pwn2Own
October 23, 2025 at 10:51 AM
Confirmed! Chris Anastasio of Team Cluck used a single type confusion bug to exploit the Lexmark CX532adwe printer. He earns himself $20,000 and 2 Master of Pwn points. #Pwn2Own
We have our first confirmation of #Pwn2Own Day 3! Xilokar (@xilokar@mamot.fr) used 4 bugs - including a auth bypass and an underflow - to exploit the Phillips Hue Bridge, but 1 bug collided with a previous entry. He still earns $17,500 and 3.5 Master of Pwn points.
October 23, 2025 at 9:39 AM
We have our first confirmation of #Pwn2Own Day 3! Xilokar (@xilokar@mamot.fr) used 4 bugs - including a auth bypass and an underflow - to exploit the Phillips Hue Bridge, but 1 bug collided with a previous entry. He still earns $17,500 and 3.5 Master of Pwn points.
Day 2 of #Pwn2Own Ireland is in the books. So far, we've awarded $792,750 or 56 unique 0-days. Tomorrow could be even better with more Samsung, a Meta Quest entry and that big WhatsApp entry still lingering. Here's the current Master of Pwn leader board. See you tomorrow!
October 22, 2025 at 6:31 PM
Day 2 of #Pwn2Own Ireland is in the books. So far, we've awarded $792,750 or 56 unique 0-days. Tomorrow could be even better with more Samsung, a Meta Quest entry and that big WhatsApp entry still lingering. Here's the current Master of Pwn leader board. See you tomorrow!
Our final attempt of the day is a collision. Le Tran Hai Tung, namnp and Le Duc Anh Vu of Viettel Cyber Security collided with a previous entry while exploiting the Canon mageCLASS MF654Cdw. They still earn $5,000 and 1 Master of Pwn points. #Pwn2Own
October 22, 2025 at 5:40 PM
Our final attempt of the day is a collision. Le Tran Hai Tung, namnp and Le Duc Anh Vu of Viettel Cyber Security collided with a previous entry while exploiting the Canon mageCLASS MF654Cdw. They still earn $5,000 and 1 Master of Pwn points. #Pwn2Own
Confirmed! ChatGPT helped Team ANHTUD as they used 3 bugs - 1 collision, 1 unique SSRF and 1 cleartext storage of sensitive information - to exploit Home Automation Green. They finished with just 45 seconds remaining. Their work earns them $16,750 and 3.75 Master of Pwn points. #Pwn2Own
October 22, 2025 at 5:33 PM
Confirmed! ChatGPT helped Team ANHTUD as they used 3 bugs - 1 collision, 1 unique SSRF and 1 cleartext storage of sensitive information - to exploit Home Automation Green. They finished with just 45 seconds remaining. Their work earns them $16,750 and 3.75 Master of Pwn points. #Pwn2Own
Verified! Nao and @ExLuck99 from ANHTUD used a heap-based buffer overflow to exploit the Lexmark CX532adwe, but we penalized for a rules violation. The still earn $10,000 and 2 Master of Pwn points. #Pwn2Own
October 22, 2025 at 5:26 PM
Verified! Nao and @ExLuck99 from ANHTUD used a heap-based buffer overflow to exploit the Lexmark CX532adwe, but we penalized for a rules violation. The still earn $10,000 and 2 Master of Pwn points. #Pwn2Own
We have another collision. The PHP Hooligans did exploit the QNAP TS-453E, but the bug they used was previously seen in the contest. They still earn $10,000 and 2 Master of Pwn points. #Pwn2Own
October 22, 2025 at 5:21 PM
We have another collision. The PHP Hooligans did exploit the QNAP TS-453E, but the bug they used was previously seen in the contest. They still earn $10,000 and 2 Master of Pwn points. #Pwn2Own
Confirmed! Team @neodyme.io used three bugs to exploit the Amazon Smart plug. In doing so, they earn themselves $20,000 and 2 Master of Pwn points. #Pwn2Own
October 22, 2025 at 5:15 PM
Confirmed! Team @neodyme.io used three bugs to exploit the Amazon Smart plug. In doing so, they earn themselves $20,000 and 2 Master of Pwn points. #Pwn2Own
Confirmed! The team from @synacktiv.com used a buffer overflow to exploit the Phillips Hue Bridge. Their unique bug earns them $20,000 and 4 Master of Pwn points. #Pwn2Own
October 22, 2025 at 5:11 PM
Confirmed! The team from @synacktiv.com used a buffer overflow to exploit the Phillips Hue Bridge. Their unique bug earns them $20,000 and 4 Master of Pwn points. #Pwn2Own
We have another collision. The PHP Hooligans used a buffer overflow to exploit the Phillips Hue Bridge, but the bug had been previously seen in the contest. They still earn $10,000 and 2 Master of Pwn points. #Pwn2Own
October 22, 2025 at 5:03 PM
We have another collision. The PHP Hooligans used a buffer overflow to exploit the Phillips Hue Bridge, but the bug had been previously seen in the contest. They still earn $10,000 and 2 Master of Pwn points. #Pwn2Own
