Pwn2Own Returns to Ireland with a One Million Dollar WhatsApp Target read file error: read notes: is a directory... 2025-7-31 19:4:37 | 阅读: 20 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com contest pwn2own network cork award

CVE-2025-20281: Cisco ISE API Unauthenticated Remote Code Execution Vulnerability Cisco ISE存在反序列化和命令注入漏洞,攻击者可利用${IFS}变量绕过Java限制,在Docker容器内执行代码,并借助privileged模式逃逸至宿主机,最终获得root权限,Cisco已修复该问题。... 2025-7-25 16:30:0 | 阅读: 31 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com injection payload ise attacker ike

CVE-2025-4919: Corruption via Math Space in Mozilla Firefox Manfred Paul在Pwn2Own Berlin 2025上利用Firefox IonMonkey JIT编译器中的ExtractLinearSum函数漏洞（CVE-2025-4919），通过边界检查绕过实现任意内存读写。该漏洞源于对数学运算空间处理不当，导致错误合并边界检查条件。Mozilla已修复该问题。... 2025-7-15 14:27:27 | 阅读: 31 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com 231 indices mathspace additions

The July 2025 Security Update Review Adobe推迟了7月的安全补丁发布，而微软发布了130多个CVE漏洞补丁，其中10个为关键级别。这些漏洞影响Windows、Office、SQL Server等多个产品，部分可导致远程代码执行或权限提升。建议用户及时更新以应对潜在威胁。... 2025-7-8 17:56:31 | 阅读: 22 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com microsoft attacker windows remote security

Extracting Embedded MultiMediaCard (eMMC) contents in-system read file error: read notes: is a directory... 2025-6-20 15:0:58 | 阅读: 16 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com emmc chip clk vddq signals

The June 2025 Security Update Review read file error: read notes: is a directory... 2025-6-10 17:24:53 | 阅读: 18 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com microsoft windows cves security malicious

Pwn2Own Berlin 2025: Day Three Results read file error: read notes: is a directory... 2025-5-17 09:40:13 | 阅读: 11 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com nvidia earns collision pwn2own windows

Pwn2Own Berlin 2025: Day Two Results read file error: read notes: is a directory... 2025-5-16 09:17:17 | 阅读: 18 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com fuzzinglabs earns ventuzelo pwn2own nvidia

Pwn2Own Berlin 2025: Day One Results read file error: read notes: is a directory... 2025-5-15 10:10:50 | 阅读: 16 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com earns collision pwn2own summoning privs

Pwn2Own Berlin: The Full Schedule read file error: read notes: is a directory... 2025-5-14 16:1:41 | 阅读: 15 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com 30000 nvidia thursday triton inference

The May 2025 Security Update Review read file error: read notes: is a directory... 2025-5-13 18:27:2 | 阅读: 18 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com microsoft attacker windows exploited cves

CVE-2024-44236: Remote Code Execution vulnerability in Apple macOS macOS存在一个代码执行漏洞（CVE-2024-44236），因Scriptable Image Processing System（sips）工具在处理ICC Profile文件时未正确验证“lutAToBType”和“lutBToAType”字段导致内存溢出写入。攻击者可通过构造恶意ICC Profile文件诱使用户打开，在目标进程上下文中执行任意代码。该漏洞已修复。... 2025-5-7 18:30:19 | 阅读: 27 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com icc sips victim tagged clut

The April 2025 Security Update Review 微软和Adobe在四月发布安全更新，微软修复124个CVE（含11个Critical漏洞），涉及权限提升、远程代码执行等；Adobe发布12公告修复54个CVE（含多个Critical漏洞），涵盖Cold Fusion、Photoshop等产品。... 2025-4-8 18:14:25 | 阅读: 21 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com microsoft attacker windows security cves

MindshaRE: Using Binary Ninja API to Detect Potential Use-After-Free Vulnerabilities 文章探讨了使用Binary Ninja的MLIL构建数据流图以检测Use-After-Free（UAF）漏洞的方法。通过追踪内存分配与使用关系，并结合跨函数可达性分析，识别潜在漏洞。该方法利用SSA变量和指针操作构建图结构，并分析内存释放与引用路径间的关联。尽管存在误报问题，但该技术为静态分析提供了一种有效途径。... 2025-3-27 15:4:21 | 阅读: 20 | 收藏 | 0day Fans - www.thezdi.com memory ssa analysis edges tracked

Building an electric vehicle simulator to research EVSEs 文章描述了一个用于模拟电动汽车充电状态的设备设计和组装过程，旨在帮助研究人员在Pwn2Own Automotive 2025活动中测试充电设备的安全性。该设备基于J1772标准，通过电阻和PWM信号模拟车辆连接和充电请求，并强调了高电压操作中的安全注意事项。... 2025-3-19 18:40:54 | 阅读: 33 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com ev evse simulator j1772 charging

The March 2025 Security Update Review 2025年3月补丁星期二更新中，微软修复了56个CVE漏洞（含6个关键漏洞），Adobe修复了37个CVE漏洞（含多个高危代码执行漏洞）。微软本次更新中有6个漏洞被报告为活跃攻击目标。... 2025-3-11 17:39:36 | 阅读: 7 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com exploited attacker microsoft substance windows

CVE-2024-43639: Remote Code Execution in Microsoft Windows KDC Proxy 微软Windows KDC代理存在整数溢出漏洞（CVE-2024-43639），因缺少Kerberos响应长度检查导致远程代码执行风险。已修补。... 2025-3-4 17:2:27 | 阅读: 25 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com proxy asn1 octets encoder

Announce Pwn2Own Berlin and Introducing an AI Category Pwn2Own 2025将于2025年5月15日至17日在柏林的OffensiveCon会议上举行，新增AI类别并涵盖Web浏览器、云原生/容器、虚拟化等多领域目标，总奖金超百万美元。... 2025-2-24 16:45:33 | 阅读: 23 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com pwn2own tesla contest payouts windows

The February 2025 Security Update Review 这篇文章总结了2025年2月微软和Adobe的安全更新。Adobe修复了45个CVE，涉及多个产品；微软修复了67个CVE，包括三个关键漏洞和两个已被公开利用的漏洞。文章还强调了一些高风险漏洞，并提醒用户及时部署补丁以应对潜在威胁。... 2025-2-11 19:8:38 | 阅读: 46 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com microsoft exploited attacker windows cves

Looking Back at the Trend ZDI Activities from 2024 文章总结了Trend ZDI在2024年的成果：Pwn2Own竞赛发现148个零日漏洞；发布1741个安全公告；内部贡献占40%。未来将继续举办竞赛并加强安全研究。... 2025-2-7 17:11:4 | 阅读: 28 | 收藏 | Zero Day Initiative - Blog - www.thezdi.com pwn2own awarded security zdi contest