Hackers exploit 29 zero-days on second day of Pwn2Own Automotive
2026-1-22 12:45:27 Author: www.bleepingcomputer.com

Pwn2Own Automotive Tokyo

On the second day of Pwn2Own Automotive 2026, security researchers collected $439,250 in cash awards after exploiting 29 unique zero-days.

The Pwn2Own Automotive hacking contest focuses on automotive technologies and takes place this week in Tokyo, Japan, from January 21 to January 23, during the Automotive World auto conference.

Throughout the competition, security researchers target fully patched electric vehicle (EV) chargers, in-vehicle infotainment (IVI) systems, and car operating systems (e.g., Automotive Grade Linux).

Fuzzware.io currently leads the competition's leaderboard with $213,000 earned after the first two days, and has earned another $95,000 by hacking the Phoenix Contact CHARX SEC-3150 charging controller, the ChargePoint Home Flex EV charger, and the Grizzl-E Smart 40A EV charging station.

Sina Kheirkhah of Summoning Team collected another $40,000 after rooting the Kenwood DNR1007XR navigation receiver, the ChargePoint Home Flex, and the Alpine iLX-F511 multimedia receiver.

Rob Blakely of Technical Debt Collectors and Hank Chen of InnoEdge Labs were also awarded $40,000 each after demonstrating zero-day exploit chains targeting Automotive Grade Linux and the Alpitronic HYC50 charging station.

After the first two days of the contest, security researchers have earned $955,750 in cash awards after exploiting 66 zero-day vulnerabilities.

Pwn2Own Automotive Day 2 leaderboard (ZDI)

On the third day of Pwn2Own, the Grizzl-E Smart 40A will be targeted again by Slow Horses of Qrious Secure and the PetoWorks team, while the Juurin Oy team will go after the Alpitronic HYC50, and Ryo Kato will attempt to exploit the Autel MaxiCharger.

On the first day, Synacktiv Team earned $35,000 after successfully chaining an information leak and an out-of-bounds write flaw to obtain root permissions on the Tesla Infotainment System via a USB-based attack, plus an additional $20,000 cash award for chaining three zero-day flaws to gain root-level code execution on the Sony XAV-9500ES digital media receiver.

The full schedule for the second day and the results for each challenge are available here, while the complete schedule for Pwn2Own Automotive 2026 is available here.

During last year's Pwn2Own Automotive competition, hackers collected $886,250 after exploiting 49 zero-days. The previous year, during the Pwn2Own Automotive 2024 contest, they collected another $1,323,750 after demoing 49 zero-day bugs and hacking a Tesla car twice.

Vendors have 90 days to develop and release security fixes for zero-day flaws that are exploited and reported during the Pwn2Own contest, before Trend Micro's Zero Day Initiative publicly discloses them.

Source: https://www.bleepingcomputer.com/news/security/hackers-exploit-29-zero-day-vulnerabilities-on-second-day-of-pwn2own-automotive/