Pwn2Own Day 2: Hackers Exploit 56 Zero-Days for $790,000
The second day of the Pwn2Own Ireland 2025 hacking competition has come to a close, with security researchers raking in a staggering amount of cash. The total haul for the two-day event stands at $792,750, marking a significant increase from last year's prize money.
Chain Reaction: Samsung Galaxy S25 Hacked
The day's top exploit was courtesy of Ken Gannon of Mobile Hacking Lab and Dimitrios Valsamaras of Summoning Team. They successfully breached the Samsung Galaxy S25 with a chain of five security flaws, earning themselves a cool $50,000 and 5 Master of Pwn points in the process.
The hackers' victory is a testament to their skill and persistence, as they managed to identify and exploit multiple vulnerabilities in the flagship smartphone.
Quick Strike: QNAP TS-453E NAS Device Exploited
Meanwhile, PHP Hooligans needed only a single second to hack the QNAP TS-453E NAS device. While this may seem like a quick and easy win, it's worth noting that the vulnerability they exploited had already been used in previous contests.
Despite this, the PHP Hooligans still managed to earn $20,000 for their efforts, bringing the total number of cash prizes awarded so far to over $170,000.
Multiple Targets Hit
In addition to the Samsung Galaxy S25 and QNAP TS-453E NAS device, several other targets were hit by the hackers. Chumy Tsai of CyCraft Technology, Le Trong Phuc and Cao Ngoc Quy of Verichains Cyber Force, and Mehdi & Matthieu of Synacktiv Team all earned $20,000 for exploiting zero-day bugs in various devices.
The Canon imageCLASS MF654Cdw printer, Home Automation Green, Synology CC400W camera, Synology DS925+ NAS, Amazon Smart plug, and Lexmark CX532adwe printer were among the other targets hit by the hackers.
Summoning Team Leads the Way
As of the end of Day 2, Summoning Team is still at the top of the Master of Pwn leaderboard with an impressive 18 points. They earned a whopping $167,500 over the course of the two days, cementing their position as one of the top teams in the competition.
The event will continue on its third and final day, with the hackers targeting the Samsung Galaxy S25, multiple NAS devices, and printers.
About Pwn2Own Ireland 2025
The Pwn2Own Ireland 2025 hacking competition is being co-sponsored by Meta, Synology, and QNAP, with the event taking place from October 21 to October 23 in Cork. This year's contest features eight categories targeting flagship smartphones, printers, network storage systems, home networking equipment, messaging apps, smart home devices, surveillance equipment, and wearable technology.
Each category has its own unique set of challenges and rewards, with the hackers competing against each other to identify and exploit the most vulnerabilities.
Patch Timeline
For vendors, the competition is not over yet. After the event ends, they have 90 days to release patches before Zero Day Intelligence (ZDI) publicly discloses the vulnerabilities.
This means that if a vendor fails to patch their devices or software in time, they could face significant security risks and potential financial penalties.
About the Zeroday Cloud Hacking Contest
The Zeroday Cloud hacking contest offers $4.5 million in bounties for identifying zero-day vulnerabilities in cloud-based systems.
This contest is separate from Pwn2Own Ireland 2025 but shares a similar goal of identifying and exploiting security flaws.