zdi
-
Researchers Hack Tesla Infotainment at Pwn2Own Automotive 2026, 37 Zero‑Days Exploited on Day One
Researchers exploited 37 zero-days at Pwn2Own Automotive 2026 in Tokyo to hack Tesla’s Infotainment System and other systems, earning $516,500 on day one. Vendors have 90 days to issue fixes.
-
Active exploitation reported for 7‑Zip ZIP symbolic link vulnerability
NHS England Digital warned that CVE-2025-11001, a 7‑Zip vulnerability affecting symbolic link handling and allowing remote code execution, is being actively exploited; 7‑Zip 25.00 released in July 2025 contains fixes and users are urged to update.
-
Researchers Exploit 34 Zero‑Days on Opening Day of Pwn2Own Ireland 2025
On the opening day of Pwn2Own Ireland 2025 researchers exploited 34 zero‑day vulnerabilities and won $522,500 in prizes; Team DDOS earned $100,000 for chaining multiple flaws to compromise a QNAP router and NAS, and the Summoning Team led the leaderboard after day one.
