22.10.2025
2 min
484
On the second day of the Pwn2Own Ireland 2025 competition, cybersecurity researchers discovered 56 new zero-day vulnerabilities, earning $792,750 in prize money. The most notable was the Samsung Galaxy S25 hack using a chain of five exploits, which earned Mobile Hacking Lab and Summoning Team $50,000 and 5 points in the *Master of Pwn* rating. Other participants included PHP Hooligans, CyCraft Technology, Verichains Cyber Force and Synacktiv, who successfully exploited vulnerabilities in QNAP TS-453E, Synology DS925+ and Philips Hue Bridge devices, receiving $20,000 each.
Researchers also demonstrated zero-day bugs in Canon imageCLASS MF654Cdw, Amazon Smart Plug, Lexmark CX532adwe and Home Automation Green home automation systems. The Summoning Team has the most points and prize money after two days of competition — 18 points and $167,500 in prize money.
The competition’s organizer, Trend Micro’s Zero Day Initiative (ZDI), is giving vendors 90 days to release patches before the vulnerabilities are made public. On the final day, participants will once again attack the Samsung Galaxy S25, NAS devices and printers, while Team Z3 will attempt to show a zero-click exploit for WhatsApp, which could bring in $1 million.
The Pwn2Own Ireland 2025 event, which takes place in Cork from October 21 to 24, has eight categories this year, including smartphones (**Samsung Galaxy S25, iPhone 16, Pixel 9**), printers, NAS, smart devices, surveillance cameras and even wearables like the Meta Quest 3/3S. The organizers have expanded the attack possibilities – now participants can hack USB ports of smartphones even in a locked state, in addition to the usual Wi-Fi, Bluetooth and NFC channels.
Last year, hackers found more than 70 zero-days, earning $1.07 million, and Viettel Cyber Security became the main winner with $205,000.
The Pwn2Own Ireland 2025 competition once again confirmed that even the latest devices of leading brands remain vulnerable to attacks. And although such events occur within the framework of ethical hacking, the results have a direct impact on improving global cybersecurity.
Every zero-day found is potentially saved user data that could become a target for real criminals.
