Hackers exploit 34 zero-days on first day of Pwn2Own Ireland

On the first day of Pwn2Own Ireland 2025, security researchers exploited 34 unique zero-days and collected 22,500 in cash awards.

The highlight of the day was Bongeun Koo and Evangelos Daravigkas of Team DDOS chaining eight zero-day flaws to hack the QNAP Qhora-322 Ethernet wireless router via the WAN interface and gain access to a QNAP TS-453E NAS device. For this successful attempt, they won 00,000 and are now in second place on the Master of Pwn leaderboard with 8 points.

The Zero Day Initiative (ZDI) organizes the event to identify security vulnerabilities in targeted devices before threat actors can exploit them, coordinating responsible disclosure with the affected vendors. After the zero-day flaws are exploited during Pwn2Own events, vendors are given 90 days to release security updates before Trend Micro’s Zero Day Initiative publicly discloses them.

For more information, read the full article here.