Nice intro for beginners to bluetooth communications reverse engineering (Domyos EL500) Credits Juan Carlos Jiménez jcjc-dev.com/2023/03/19/rev… #bluetooth

Congratulations goes out to the winners of the CyberSci 2023 National Finals Team Adamant Ace from the University of Waterloo! We look forward to seeing you representing Canada at the World Finals in San Diego! #CyberSci #CyberSecurity #Canada

Sometimes bug disclosures go smoothly. Then there are other times. The Dustin Childs discusses some of the adventures in vulnerability disclosure in his latest blog. zerodayinitiative.com/blog/2023/6/7/…

Pwn2Own returns to Toronto this October! The SOHO Smashup category is back, and for 2023, we're introducing a Surveillance category featuring WiFi cameras. More than $1,000,000 in cash and prizes are available. Read the details at zerodayinitiative.com/blog/2023/7/12…

🖥️ Can’t make it to Vegas this summer? Join remotely for Jeremy Blackthorne's (Jeremy Blackthorne) #training "Symbolic Execution with #angr on Real-World Targets", and learn how to perform symbolic and concolic execution with angr! 🎟️ ringzer0.training/trainings/symb…

Congratulations to Brian Gorenc (Brian Gorenc) on being recognized by ISC2 with their Sr Professional Award. His work as the leader of Trend's ZDI has resulted in the disclosure of over 11,000 bugs. It's great to see his work recognized. industry. isc2.org/Insights/2023/…

To celebrate Wyze's decision to release a firmware update a day before this years Pwn2Own Toronto competition.. I've decided to release the exploit for my (killed) bugchain: github.com/blasty/unwyze .. maybe next time they will not withhold patches for critical bugs? 🙃

With so many high achieving people in security it’s common to feel like you never get enough work done. You should always take a step back and appreciate yourself. If you worked hard it will compound! Keep the momentum up! 💪

I remember watching her presentations and was inspired to reach her level of technical expertise one day. What a tragic loss and sad day for the community. RIP Sophia.

Announcing #Pwn2Own Ireland! Our fall contest is on the move (again) as we head to Cork, Ireland. We also welcome Meta as a sponsor with #WhatsApp being a target at $300K. Plus the return of the SOHO Smashup. Read all the details at zerodayinitiative.com/blog/2024/7/16… #P2OIreland

In the 1st of a 3 part series, Michael DePlante & Nicholas Zubrisky detail link following bugs. How they work, what vendors do to prevent them, and how researchers can bypass protections to exploit them. Includes examples from recent 0-days in #Avast. zerodayinitiative.com/blog/2024/7/29…

In the 2nd part of the series on using link following bugs for LPE on #Windows, Michael DePlante & Nicholas Zubrisky detail using alternate data stream to bypass protections. Examples getting LPE on ESET provided. Stay tuned for the final blog entry tomorrow. zerodayinitiative.com/blog/2024/7/30…

Announcing #Pwn2Own Automotive 2025! Last time, we awarded over $1,300,000 and we have more than a million in cash and prizes again - including a #Tesla! We've also mixed up the targets a bit to increase the challenges. Read the detail (and rules) here: zerodayinitiative.com/blog/2024/9/23…

2024 was a significant year for decompilation, constituting a possible resurgence in the field. Major talks, the thirty-year anniversary of research, movements in AI, and an all-time high for top publications in decompilation. Join me for a retrospective: mahaloz.re/dec-progress-2…

Announcing #Pwn2Own Berlin! We're moving our enterprise-focused event to offensivecon and introducing an AI category. More than $1,000,000 in cash & prizes (Incl. a Tesla) are available to win. Check out the details at zerodayinitiative.com/blog/2025/2/24…

CVE-2025-20281: Cisco ISE API Unauthenticated Remote Code Execution Vulnerability: Trend ZDI analyst Bobby Gould details this bug and another that may be a dupe. He also shows how it can be exploited. zerodayinitiative.com/blog/2025/7/24…

Announcing #Pwn2Own Ireland for 2025! We return to the Emerald Isle with our new partner Meta and a $1,000,000 WhatsApp bounty. Yes - one million dollars. Plus new USB attack vectors on phones and more. Check out the details at zerodayinitiative.com/blog/2025/7/30…

Join us at for a special celebration as Trend Zero Day Initiative (Trend Zero Day Initiative) turns 20 tomorrow at Black Hat! Discover two decades of groundbreaking threat research and get a chance to win exciting prizes. Everyone is welcome! More info here: spr.ly/6015fuqRD

Thank you Microsoft Security Response Center for inviting Trend Zero Day Initiative to the researcher party ah Blackhat. Come same hi to grab a ZDI challenge coin. Petrus Germanicus Michael DePlante

Don't forget to also checkout the cloud side of the attack in the blog written by Nitesh Surana trendmicro.com/en_us/research…