Pwn2Own Berlin 2025: Day One Results read file error: read notes: is a directory... 2025-5-15 10:10:50 | 阅读: 16 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com earns collision pwn2own summoning privs

Pwn2Own Berlin: The Full Schedule read file error: read notes: is a directory... 2025-5-14 16:1:41 | 阅读: 15 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com 30000 nvidia thursday triton inference

The May 2025 Security Update Review read file error: read notes: is a directory... 2025-5-13 18:27:2 | 阅读: 18 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com microsoft attacker windows exploited cves

CVE-2024-44236: Remote Code Execution vulnerability in Apple macOS macOS存在一个代码执行漏洞（CVE-2024-44236），因Scriptable Image Processing System（sips）工具在处理ICC Profile文件时未正确验证“lutAToBType”和“lutBToAType”字段导致内存溢出写入。攻击者可通过构造恶意ICC Profile文件诱使用户打开，在目标进程上下文中执行任意代码。该漏洞已修复。... 2025-5-7 18:30:19 | 阅读: 27 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com icc sips victim tagged clut

The April 2025 Security Update Review 微软和Adobe在四月发布安全更新，微软修复124个CVE（含11个Critical漏洞），涉及权限提升、远程代码执行等；Adobe发布12公告修复54个CVE（含多个Critical漏洞），涵盖Cold Fusion、Photoshop等产品。... 2025-4-8 18:14:25 | 阅读: 21 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com microsoft attacker windows security cves

MindshaRE: Using Binary Ninja API to Detect Potential Use-After-Free Vulnerabilities 文章探讨了使用Binary Ninja的MLIL构建数据流图以检测Use-After-Free（UAF）漏洞的方法。通过追踪内存分配与使用关系，并结合跨函数可达性分析，识别潜在漏洞。该方法利用SSA变量和指针操作构建图结构，并分析内存释放与引用路径间的关联。尽管存在误报问题，但该技术为静态分析提供了一种有效途径。... 2025-3-27 15:4:21 | 阅读: 20 | 收藏 | 0day Fans - www.thezdi.com memory ssa analysis edges tracked

Building an electric vehicle simulator to research EVSEs 文章描述了一个用于模拟电动汽车充电状态的设备设计和组装过程，旨在帮助研究人员在Pwn2Own Automotive 2025活动中测试充电设备的安全性。该设备基于J1772标准，通过电阻和PWM信号模拟车辆连接和充电请求，并强调了高电压操作中的安全注意事项。... 2025-3-19 18:40:54 | 阅读: 33 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com ev evse simulator j1772 charging

The March 2025 Security Update Review 2025年3月补丁星期二更新中，微软修复了56个CVE漏洞（含6个关键漏洞），Adobe修复了37个CVE漏洞（含多个高危代码执行漏洞）。微软本次更新中有6个漏洞被报告为活跃攻击目标。... 2025-3-11 17:39:36 | 阅读: 7 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com exploited attacker microsoft substance windows

CVE-2024-43639: Remote Code Execution in Microsoft Windows KDC Proxy 微软Windows KDC代理存在整数溢出漏洞（CVE-2024-43639），因缺少Kerberos响应长度检查导致远程代码执行风险。已修补。... 2025-3-4 17:2:27 | 阅读: 25 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com proxy asn1 octets encoder

Announce Pwn2Own Berlin and Introducing an AI Category Pwn2Own 2025将于2025年5月15日至17日在柏林的OffensiveCon会议上举行，新增AI类别并涵盖Web浏览器、云原生/容器、虚拟化等多领域目标，总奖金超百万美元。... 2025-2-24 16:45:33 | 阅读: 23 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com pwn2own tesla contest payouts windows

The February 2025 Security Update Review 这篇文章总结了2025年2月微软和Adobe的安全更新。Adobe修复了45个CVE，涉及多个产品；微软修复了67个CVE，包括三个关键漏洞和两个已被公开利用的漏洞。文章还强调了一些高风险漏洞，并提醒用户及时部署补丁以应对潜在威胁。... 2025-2-11 19:8:38 | 阅读: 46 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com microsoft exploited attacker windows cves

Looking Back at the Trend ZDI Activities from 2024 文章总结了Trend ZDI在2024年的成果：Pwn2Own竞赛发现148个零日漏洞；发布1741个安全公告；内部贡献占40%。未来将继续举办竞赛并加强安全研究。... 2025-2-7 17:11:4 | 阅读: 28 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com pwn2own awarded security zdi contest

Pwn2Own Automotive 2025 - Day Three and Final Results Welcome to the third and final day of Pwn2Own Automoti... 2025-1-24 03:17:16 | 阅读: 23 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com charger earns ev pwn2own 750

Pwn2Own Automotive 2025 - Day Two Results Welcome to the second day of Pwn2Own Automotive 2025.... 2025-1-23 03:41:34 | 阅读: 29 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com pwn2own ev tesla earn wolfbox

Pwn2Own Automotive 2025 - Day One Results January 21, 2025 | Dustin Childs... 2025-1-22 03:23:23 | 阅读: 38 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com automotive pwn2own ivi charger pioneer

Pwn2Own Automotive 2025: The Full Schedule こんにちは and welcome to the second annual Pwn2Own Automotive competition. We are at Automotive World... 2025-1-21 08:49:24 | 阅读: 38 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com vehicle ivi 20000 chargers

Looking at the Attack Surfaces of the Pioneer DMH-WT7600NEX IVI For the upcoming Pwn2Own Automotive contest, a total of four in-vehicle infotainment (IVI) head u... 2025-1-20 16:0:0 | 阅读: 28 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com software partitions emmc carplay bootloader

Reviewing the Attack Surface of the Autel MaxiCharger: Part Two read file error: read notes: is a directory... 2025-1-16 16:0:0 | 阅读: 13 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com autel charger firmware charge maxicharger

Reviewing the Attack Surface of the Autel MaxiCharger: Part One For the upcoming Pwn2Own Automotive contest a total of 7 electric vehicle chargers have been sele... 2025-1-15 14:45:0 | 阅读: 32 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com 4g maxicharger pins uart mcu

The January 2025 Security Update Review Welcome to the first Patch Tuesday of the new year. Even while preparing for Pwn2Own Automotive,... 2025-1-14 18:29:48 | 阅读: 65 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com microsoft remote windows security cves