Huge thanks for the keynote 💙 It was fantastic. Brian Gorenc (@MaliciousInput) – From Buffer Overflows to Breaking AI: Two Decades of ZDI Vulnerability Research 🎤 #POC2025

Announcing #Pwn2Own Ireland! Our fall contest is on the move (again) as we head to Cork, Ireland. We also welcome @Meta as a sponsor with #WhatsApp being a target at $300K. Plus the return of the SOHO Smashup. Read all the details at https://t.co/kZvILTJtr8 #P2OIreland

Congrats to @mrpowell @izobashi and @chudyPB for making the list.

Recapping #Pwn2Own Vancouver 2023. We had an amazing contest and awarded over $1 million (plus a Tesla Model 3) for 27 unique 0-days. Join ZDI's @MaliciousInput and @dustin_childs as they go through all the highlights of this year's event. https://t.co/ASK9Z6Q1eR

Since no one from the MSRC is here at #Pwn2Own, we're disclosing the Teams exploit over a Teams call. You can join us if you want to hear the details:

CONFIRMED! @Synacktiv used a heap overflow & an OOB write to exploit the Infotainment system on the Tesla. When they gave us the details, we determined they actually qualified for a Tier 2 award! They win $250,000 and 25 Master of Pwn points. 1st ever Tier 2 award. Stellar work!

In a #Pwn2Own first, AI was involved in a successful exploit. The @claroty team used @openai 's #ChatGPT to write one of the backend modules used in their RCE of #Softing edgeAggregator. What a time to be alive.

This year at #BHUSA, @MaliciousInput & @dustin_childs present “Calculating Risk in the Era of Obscurity: Reading Between the Lines of Security Advisories” - A look at how enterprises can estimate risk in an era where patches aren't what they used to be.

The @Synacktiv team shows off their remote exploit of the #Tesla Model 3. Earlier today, this research earned them $75,000 during #Pwn2Own.

Happy to sponsor and look forward to attending.

Thank you @TrendMicro and @thezdi for supporting #OffensiveCon22 as gold sponsors! https://t.co/texUG1Kn6m

An analysis of a #Parallels #Desktop stack clash vulnerabilities. @renorobertr describes some recently patched bugs and looks at how Binary Ninja’s static data flow capability can be used in automating bug finding tasks.

Announcing #Pwn2Own Austin! Our fall contest includes phones, printers, NAS devices and more. More than $500,000 USD in cash and prizes are available as 22 different devices will be put to the test. Read all of the details at

With that last award, we're now at $1,020,000 awarded for the contest with 9 attempts to go. It's the first time we've crossed the million dollar mark at #Pwn2Own. More to come...

The live drawing for #Pwn2Own will be at 9am Eastern tomorrow (April 6). You can watch the draw and all the contest live on YouTube at

We’re supporting community #security research by partnering with @thezdi for this year’s #Pwn2Own competition – check out the details and get involved here:

Here's a quick preview of the Master of Pwn trophy for the upcoming #Pwn2Own. @creatify is adding LEDs to this version, and so far, it looks amazing.

CVE-2021-27076: A complex bug that leads to reliable code execution. @HexKitchen details this replay-style deserialization attack against #Microsoft #SharePoint. As a reminder, we're paying $50k for SharePoint exploits at #Pwn2Own.

For everyone finding variants while analyzing the in-the-wild #Exchange bugs, remember they are worth $200K at the upcoming #Pwn2Own contest. Bugs reported at the event have a 90-day disclosure timeline. Remember, no more patch Tuesdays before the contest.

A successful #VMware #ESXi demo at #Pwn2Own is worth $150K. @_wmliang_ had 2 unauth RCEs in ESXi patched last week. Not only does he break down the details in his latest blog, he went further & wrote a full code execution exploit for one of the bugs.