TrendAI Zero Day Initiative

@thezdi.bsky.social

TrendAI Zero Day Initiative™ (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.

4,174 Followers  |  3 Following  |  663 Posts  |  Joined: 14.12.2023

Posts by TrendAI Zero Day Initiative (@thezdi.bsky.social)

[ZDI-26-124|CVE-2025-15060] claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability (CVSS 9.8; Credit: Peter Girnus of Trend Research) zerodayinitiative.com/advisories/Z...

25.02.2026 18:10 — 👍 0    🔁 1    💬 0    📌 0
Agenda - [un]prompted

Heading to the #[un]prompted conference next week? Be sure to catch @gothburz.bsky.social's talk on "FENRIR: AI Hunting for AI Zero-Days at Scale". His talk shows how FENRIR has detected over 100+ CVEs since mid-2025. Don't miss it. unpromptedcon.org

23.02.2026 19:12 — 👍 2    🔁 2    💬 0    📌 0
Zero Day Initiative — CVE-2026-20841: Arbitrary Code Execution in the Windows Notepad In this excerpt of a TrendAI Research Services vulnerability report, Nikolai Skliarenko and Yazhi Wang of the TrendAI Research team detail a recently patched command injection vulnerability in the Win...

CVE-2026-20841: Arbitrary Code Execution in the Windows Notepad - The TrendAI Research team takes a deep dive into this recently patched file parsing bug to show you root cause, source code walk through, and provide detection guidance. Read the details at www.zerodayinitiative.com/blog/2026/2/...

19.02.2026 21:27 — 👍 2    🔁 1    💬 0    📌 1
The Patch Report for February 2026

No time to read the blog? Interested in the nuance in this month's release? Or just curious to see if @dustinchilds.bsky.social is still awake in Tokyo? Check out the Patch Report for February, 2026! youtu.be/ibKzs_q6OoM

10.02.2026 20:31 — 👍 0    🔁 0    💬 0    📌 0
Zero Day Initiative — The February 2026 Security Update Review I have survived the biggest Pwn2Own ever, but I’m back in Tokyo for the second Patch Tuesday of 2026. My location never stops Patch Tuesday from coming, so let’s take a look at the latest security pat...

Microsoft report six(!) exploits in the wild while Adobe has a small (and relatively quiet) month. Join @dustinchilds.bsky.social from Tokyo as he breaks down the release and shows you what to watch for. www.zerodayinitiative.com/blog/2026/2/...

10.02.2026 18:32 — 👍 1    🔁 1    💬 0    📌 0
Zero Day Initiative — CVE-2025-6978: Arbitrary Code Execution in the Arista NG Firewall In this excerpt of a TrendAI Research Services vulnerability report, Jonathan Lein and Simon Humbert of the TrendAI Research team detail a recently patched command injection vulnerability in the Arist...

CVE-2025-6978: Arbitrary Code Execution in the #Arista NG Firewall - our researchers took a deep dive into this recently patched RCE to provide root cause and detection guidance. Read all the details at www.zerodayinitiative.com/blog/2026/2/...

05.02.2026 16:48 — 👍 4    🔁 3    💬 0    📌 0

$1,047,000 - 76 unique 0-day vulnerabilities - three days of incredible research on display. #Pwn2Own Automotive had it all: bold exploits, clever techniques, and collisions. Congrats to Fuzzware.io (@ScepticCtf, @diff_fusion, @SeTcbPrivilege), Master of Pwn with $215,500 and 28 points! #P2OAuto

23.01.2026 07:45 — 👍 5    🔁 0    💬 1    📌 0

Collision! Ryo Kato (@Pwn4S0n1c) targeted the Autel MaxiCharger AC Elite Home 40A, demonstrating a three-bug chain but encountering one collision, still earning $16,750 USD and 3.5 Master of Pwn points. #Pwn2Own #P2OAuto

23.01.2026 07:14 — 👍 1    🔁 0    💬 0    📌 0

Verified! Nam Ha Bach and Vu Tien Hoa of the FPT NightWolf Team targeted the Alpine iLX-F511, exploiting one unique vulnerability to gain root access and earning $5,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto

23.01.2026 07:08 — 👍 0    🔁 0    💬 0    📌 0

Confirmed! Elias Ikkelä-Koski and Aapo Oksman of Juurin Oy targeted the Kenwood DNR1007XR, demonstrating a link-following vulnerability to earn $5,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto

23.01.2026 07:03 — 👍 0    🔁 0    💬 0    📌 0

Collision. Autocrypt (Hoyong Jin, Jaewoo Jeong, Chanhyeok Jung, Minsoo Son, and Kisang Choi) targeted the Alpine iLX-F511, demonstrating two vulnerabilities to gain root access. One collided with a previously known issue, earning $3,000 USD and 1.25 Master of Pwn points. #Pwn2Own #P2OAuto

23.01.2026 06:31 — 👍 0    🔁 0    💬 0    📌 0

Collision! Nguyen Thanh Dat (@rewhiles) of Viettel Cyber Security (@vcslab) targeted the Kenwood DNR1007XR, demonstrating one bug but encountering a collision, earning $2,500 USD and 1 Master of Pwn point. #Pwn2Own #P2OAuto

23.01.2026 05:50 — 👍 1    🔁 0    💬 0    📌 0

Boom! or shall I say Doom? Game On! Aapo Oksman, Elias Ikkelä-Koski and Mikael Kantola of Juurin Oy exploit the Alpitronic HYC50 with a TOCTOU bug - and installed a playable version of Doom to boot. They earn $20,000 and 4 Master of Pwn points. #Pwn2Own #P2OAuto

23.01.2026 05:06 — 👍 2    🔁 2    💬 0    📌 0

Collision! Qrious Secure (@qriousec) targeted the Kenwood system, demonstrating three bugs - one n-day and two unique vulnerabilities (incorrect permission assignment and a race condition), earning $4,000 USD and 1.75 Master of Pwn points. #Pwn2Own #P2OAuto

23.01.2026 04:44 — 👍 0    🔁 0    💬 0    📌 0

Confirmed! Viettel Cyber Security (@vcslab) targeted the Sony XAV‑9500ES, exploiting a heap‑based buffer overflow to achieve arbitrary code execution, earning $10,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto

23.01.2026 04:24 — 👍 0    🔁 0    💬 0    📌 0

Verified! Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS targeted the Alpine iLX‑F511, exploiting a stack‑based buffer overflow to earn $5,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto

23.01.2026 04:16 — 👍 0    🔁 0    💬 0    📌 0

Confirmed! PetoWorks (@petoworks) targeted the Grizzl-E Smart 40A, exploiting one buffer overflow bug, and earned $10,000 USD and 4 Master of Pwn points. #Pwn2Own #P2OAuto

23.01.2026 03:46 — 👍 0    🔁 0    💬 0    📌 0

Collision! Team MST targeted the Kenwood DNR1007XR, demonstrating one bug but running into a collision, earning $2,500 USD and 1 Master of Pwn point. #Pwn2Own #P2OAuto

23.01.2026 02:41 — 👍 0    🔁 0    💬 0    📌 0

Another collision! Slow Horses of Qrious Secure (@qriousec) targeted the Grizzl-E Smart 40A but encountered two bug collisions, still earning $5,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto

23.01.2026 02:16 — 👍 0    🔁 0    💬 0    📌 0

Collision! Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io targeted the Alpine iLX-F511, demonstrating one vulnerability previously used by another contestant, earning $2,500 USD and 1 Master of Pwn point. #Pwn2Own #P2OAuto

23.01.2026 02:00 — 👍 0    🔁 0    💬 0    📌 0

Day 3 of Pwn2Own Automotive 2026 is here - the final push. Bold attempts. High stakes. One last day. #Pwn2Own #P2OAuto

23.01.2026 01:56 — 👍 0    🔁 0    💬 0    📌 1
From Pwn2Own Automotive 2026 Day 2: Synacktiv vs. Autel

In a highlight from Day 2 of #Pwn2Own Automotive, the team from @synacktiv.com is at it again. This time, they leverage NFC(!) to exploit the #Autel MaxiCharger with a stack-based buffer overflow. Amazing! We've never seen an NFC exploit like this one before. youtube.com/shorts/eGAMc...

22.01.2026 23:45 — 👍 3    🔁 1    💬 0    📌 0

What a day! We saw some amazing research on display as the team from Fuzzware.io takes a huge lead in the Master of Pwn standings. So far, we have awarded a monstrous $955,750 over 2 days for 66 0-days. For the full results of Day 2 of #Pwn2Own Automotive, see www.zerodayinitiative.com/blog/2026/1/...

22.01.2026 11:22 — 👍 5    🔁 0    💬 0    📌 0
From Pwn2Own Automotive 2026 Day 1: Synacktiv vs. Tesla

In a highlight from Day One of #Pwn2Own Automotive 2026, @synacktiv.com targets the #Tesla infotainment system. #P2OAuto
youtube.com/shorts/DKYT-...

22.01.2026 11:16 — 👍 6    🔁 3    💬 0    📌 0

Another Collision to close out Day 2! BoB::Takedown targeted the Phoenix Contact CHARX SEC-3150, demonstrating three bugs, but ran into two collisions, earning $6,750 USD and 2.75 MoP. #Pwn2Own #P2OAuto

22.01.2026 11:03 — 👍 0    🔁 0    💬 0    📌 0
Recapping Day Two of Pwn2Own Automotive 2026

Wrapping up Day Two of #Pwn2Own Automotive - we saw some amazing research demonstrated today, some of which had never been seen in public before! Join @dustinchilds.bsky.social as he summarizes the highlights and previews the final day. youtu.be/xKZtfblNrHc

22.01.2026 10:59 — 👍 0    🔁 1    💬 0    📌 0

Collision! ZIEN Inc. targeted the ChargePoint Home Flex (CPH50-K), demonstrating two unique bugs (symlink following and command injection) but encountered a collision with a previous attempt - still earning $16,750 USD and 3.5 Master of Pwn points. #Pwn2Own #P2OAuto

22.01.2026 10:48 — 👍 0    🔁 0    💬 0    📌 0
Pwn2Own Automotive 2026 Day 2 - Bug of the Day!

It's the bug of the day for Day Two of #Pwn2Own Automotive 2026, and it's something that has never been demonstrated before in public. Simply amazing! youtube.com/shorts/WoL94...

22.01.2026 10:47 — 👍 0    🔁 0    💬 0    📌 0

Collision! Evan Grant (@stargravy) targeted the Grizzl-E Smart 40A with the Charging Connector Protocol/Signal Manipulation add-on, hitting two bug collisions, still earning $15,000 USD and 3 Master of Pwn points. #Pwn2Own #P2OAuto

22.01.2026 09:33 — 👍 0    🔁 0    💬 0    📌 0

Verified! Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeted the Alpine iLX-F511, exploiting two unique vulnerabilities to gain root access, earning $5,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto

22.01.2026 09:26 — 👍 0    🔁 0    💬 0    📌 0