
Trend Zero Day Initiative
@thezdi
Followers: 83K | Following: 152 | Media: 1K | Statuses: 4K
Trend Zero Day Initiative™ (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.
Austin, Texas
Joined November 2009
Announcing #Pwn2Own Berlin! We're moving our enterprise-focused event to @offensive_con and introducing an AI category. More than $1,000,000 in cash & prizes (Incl. a Tesla) are available to win. Check out the details at
zerodayinitiative.com
If you just want to read the contest rules, click here. Willkommen, meine Damen und Herren, zu unserem ersten Wettbewerb in Berlin! That’s correct (if Google translate didn’t steer me wrong). While...
The Master of Pwn trophy for #Pwn2Own Ireland has arrived. Quoth this raven - hack some more. #P2OIreland
Announcing #Pwn2Own Automotive 2026! We're heading back to Tokyo and we're adding new targets: Level 3 charging thanks to @alpitronic & the OCTT thanks to the Open Charge Alliance. Tesla is back, too. Check out the details at
zerodayinitiative.com
If you just want to read the rules, click here. Now entering its third year, Pwn2Own Automotive returns to Automotive World in Tokyo on January 21 – 23, 2026. Over the last two years, we’ve awarded...
No time to read all about #Microsoft's biggest Patch Tuesday ever? Check out the Patch Report for October. @dustin_childs breaks down the release and highlights the more interesting bugs.
It's #Microsoft's biggest monthly release ever with more than 170 CVEs addressed - including 3 0-days being exploited in the wild. #Adobe had a small release, with a few interesting items. Join @dustin_childs as he breaks down a spooky patch Tuesday
zerodayinitiative.com
I’m currently in Cork, Ireland as we prepare for Pwn2Own Ireland, but that doesn’t stop patch Tuesday from coming. Take a break from your scheduled activities and let’s take a look at the latest...
Crafting a Full Exploit RCE from a Crash in Autodesk Revit RFA File Parsing: Trend ZDI researcher Simon Zuckerbraun shows how to go from a crash to a full exploit - & he provides you tools to do the same, including his technique used to get ROP execution.
zerodayinitiative.com
In April of 2025, my colleague Mat Powell was hunting for vulnerabilities in Autodesk Revit 2025. While fuzzing RFA files, he found the following crash (CVE-2025-5037 / ZDI-CAN-26922, addressed by...
[ZDI-25-933|CVE-2025-49844] (Pwn2Own) Redis Lua Use-After-Free Remote Code Execution Vulnerability (CVSS 9.8; Credit: Benny Isaacs, Nir Brakha, Sagi Tzadik (@sagitz_))
zerodayinitiative.com
[ZDI-25-930|CVE-2025-11202] win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability (CVSS 9.8; Credit: Peter Girnus (@gothburz) of Trend Research)
zerodayinitiative.com
[ZDI-25-926|CVE-2025-58321] Delta Electronics DIALink Directory Traversal Remote Code Execution Vulnerability (CVSS 10.0)
zerodayinitiative.com
Hey @wiz_io - congrats on starting your own contest (https://t.co/Z3IXmOQnRq) but uh... did you have to cut/paste sections of the rules from @thezdi? Seems like you should at least run that through ChatGPT to reword it. I guess imitation is the sincerest form of plagiarism.
zeroday.cloud
Join the world's top researchers in a competition to find zero-day vulnerabilities in core open-source software powering the cloud. $4.5M prize pool!
CVE-2025-23298: Trend ZDI's @gothburz covers an RCE in the #NVIDIA Merlin Transformers4Rec library. He details the root cause and the patch to fix it. Finally, he highlights several important lessons for the AI/ML security community.
zerodayinitiative.com
While investigating the security posture of various machine learning (ML) and artificial intelligence (AI) frameworks, the Trend Micro Zero Day Initiative (ZDI) Threat Hunting Team discovered a...
[ZDI-25-900|CVE-2025-43346] Apple macOS OGG Audio File Header Parsing Memory Corruption Remote Code Execution Vulnerability (CVSS 8.8; Credit: Hossein Lotfi (@hosselot) of Trend Zero Day Initiative)
zerodayinitiative.com
No time to read the blog? Just like living walls and shrubbery? Check out the Patch Report for September 2025. @dustin_childs summarizes the Patch Tuesday release from the @TrendMicro Dallas office and points out the patches with extra flair.
It's a moderate release from both #Adobe and #Microsoft, but there's still lots to cover. Join @dustin_childs as he breaks down the September Patch Tuesday and highlights some fixes that require some extra attention.
zerodayinitiative.com
There’s a crispness in the air – at least here in North America – and with it comes the latest security patches from Adobe and Microsoft. Take a break from your scheduled activities and join us as we...
[POC2025] KEYNOTE SPEAKER UPDATE 👤 Brian Gorenc(@MaliciousInput) – "From Buffer Overflows to Breaking AI: Two Decades of ZDI Vulnerability Research" ZDI(@thezdi) also stands with their 20 years! Now AI finds 0days— but the bugs? still the same old mess. #POC2025
We have updated the #Pwn2Own Ireland rules to clarify scoping for WhatsApp for Windows. For WhatsApp for Windows, both “WhatsApp” and the “WhatsApp Beta” applications are in scope for the competition. #P2OIreland
zerodayinitiative.com
If you just want to read the rules, you can find them here. Updated on 8/15 to clarify printer target models. Updated on 8/22 to clarify scoping for WhatsApp for Windows. Last year, we moved our...