Close Menu
Cybercrime and Ransomware

Hackers Unleash 56 Zero-Days, Earn $790,000

Staff WriterBy No Comments4 Mins Read2 Views

Summary Points

  1. During Pwn2Own Ireland 2025, hackers exploited 56 zero-day vulnerabilities, earning $792,750, with notable achievements in hacking Samsung Galaxy S25, NAS devices, and printers, and accumulating over $1.3 million across two days.
  2. The Summoning Team leads with 18 Master of Pwn points and $167,500 earned, while researchers targeted diverse devices including smartphones, NAS hardware, printers, smart home gear, and surveillance equipment.
  3. The contest introduced new attack vectors, such as USB port exploitation on mobile devices, alongside traditional wireless protocols, emphasizing evolving hacking techniques.
  4. Post-competition, vendors have 90 days to patch the discovered vulnerabilities, with upcoming events in automotive tech and continued focus on zero-day exploits planned for 2026.

The Issue

During the second day of Pwn2Own Ireland 2025, security researchers leveraged 56 zero-day vulnerabilities across various devices and systems to earn a staggering $792,750 in cash, exposing critical security flaws. Notably, Ken Gannon and Dimitrios Valsamaras exploited five vulnerabilities in the Samsung Galaxy S25, earning $50,000 and earning the highest Master of Pwn points. The contest revealed that even common devices like NAS storage units, printers, and smart home gadgets had vulnerabilities—such as the QNAP TS-453E NAS, Synology DS925+, and Phillips Hue Bridge—that hackers quickly exploited, sometimes within seconds. The hacking efforts are publicly documented by the Zero Day Initiative (ZDI), which oversees the competition and will coordinate patches to fix these flaws within 90 days, before disclosing them to the wider community.

The competition, sponsored by Meta, Synology, and QNAP, spans several categories including smartphones, IoT devices, and messaging apps, with researchers intentionally targeting the most vulnerable attack vectors, even including physical connections like USB ports when devices are locked. The hackers’ success underscores an alarming rise in cybersecurity vulnerabilities, with nearly half of tested environments having their passwords cracked—almost twice as many as last year. As the contest progresses, teams aim to breach additional high-profile targets like the Galaxy S25, NAS systems, and even a remote exploit in WhatsApp, with offers of up to $1 million for certain zero-click vulnerabilities. These findings are reported by the organizers and researchers involved in the event, highlighting the ongoing and growing challenge of securing modern digital ecosystems.

Critical Concerns

The recent revelation that hackers exploited 56 zero-day vulnerabilities for a staggering $790,000 serves as a stark warning that your business is vulnerable to similar cyber threats—especially if you lack robust, up-to-date security measures. Zero-days are previously unknown weaknesses in software or hardware that hackers can exploit before developers even realize there’s a problem, leaving your systems exposed to data breaches, operational disruptions, and hefty financial losses. Any company, regardless of size or industry, can suffer severe consequences—from the erosion of customer trust and legal penalties to costly downtime and proprietary data theft—highlighting the urgent need for proactive vulnerability management and comprehensive cybersecurity strategies to shield your business from such sophisticated attacks.

Possible Remediation Steps

In today’s digital landscape, the swift identification and remediation of security vulnerabilities are crucial to maintaining organizational integrity and preventing costly breaches. The report that hackers exploited 56 zero-days for a total of $790,000 underscores the importance of prompt action when vulnerabilities are discovered, as delays can lead to severe financial and reputational damage.

Immediate Detection
Implement continuous monitoring tools to rapidly identify unusual activity or indicators of exploitation.

Vulnerability Analysis
Conduct thorough assessments to confirm vulnerabilities’ presence and scope, prioritizing those with high exploitability.

Patch Deployment
Apply patches and security updates as soon as they become available to close known vulnerabilities swiftly.

Configuration Management
Ensure systems are configured securely, disabling unnecessary services and applying best practices to reduce attack surfaces.

User Awareness
Educate employees about phishing and social engineering to prevent attackers from gaining initial access that exploits zero-days.

Incident Response Planning
Activate incident response plans to contain and remediate breaches rapidly, minimizing potential damage.

Threat Hunting
Proactively search for signs of exploitation within the environment to catch breaches early and understand attack vectors.

Vulnerability Management
Maintain a proactive vulnerability management program to discover and remediate security flaws before they are exploited.

Continue Your Cyber Journey

Explore career growth and education via Careers & Learning, or dive into Compliance essentials.

Explore engineering-led approaches to digital security at IEEE Cybersecurity.

Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.

Cyberattacks-V1cyberattack-v1-multisource

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Related Posts

Comments are closed.