Aggregator

Security researchers are tracking a high-severity malware campaign that uses weaponized PDF files to distribute the Winos 4.0 malware. The threat actors impersonate government departments to trick users into opening malicious documents that infect Microsoft Windows machines. The campaign, first observed in early 2025, has since expanded its operations from Taiwan to Japan and Malaysia, […]

The post Winos 4.0 Malware Uses Weaponized PDFs Posing as Government Departments to Infect Windows Machines appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The NSA did not confirm nor deny the allegations made by China’s Ministry of State Security. China said the origins of the attack date back to March 2022.

The post China’s spy agency accuses NSA of yearslong attack on the country’s timekeeping service appeared first on CyberScoop.

Welcome to Pwn2Own Ireland 2025! We have some amazing spooky entries for this year’s contest, and a potential of up to $2,000,000 - including our largest ever single prize for a 0-click in WhatsApp for $1,000,000. As always, we began our contest with a random drawing to determine the order of attempts. If you missed it, you can watch the replay here.

The complete schedule for the contest is below (all times Irish Standard Time [UTC +1]).

Note: All times subject to change

Tuesday, October 21 – 0930

Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS targeting SOHO SMASHUP (QNAP Qhora-322 + QNAP TS-453E) in the SOHO category for $100,000 and 10 Master of Pwn Points.

Team Neodyme (@Neodyme) targeting HP DeskJet 2855e in the Printers category for $20,000 and 2 Master of Pwn Points.

Nguyen Hoang Thach (@hi_im_d4rkn3ss), Tan Ze Jian, Lin Ze Wei, Cherie-Anne Lee, Gerrard Tai of STARLabs (@starlabs_sg) targeting Canon imageCLASS MF654Cdw in the Printers category for $20,000 and 2 Master of Pwn Points.

@Tek_7987 and @_Anyfun (both working at @Synacktiv) targeting Synology BeeStation Plus in the Network Attached Storage category for $40,000 and 4 Master of Pwn Points.

Tuesday, October 21 – 1130

Stephen Fewer (@stephenfewer) of Rapid7 (@rapid7) targeting Home Assistant Green in the Smart Home category for $40,000 and 4 Master of Pwn Points.

SHIMIZU Yutaro (@shift_crops) of GMO Cybersecurity by Ierae, Inc. targeting Canon imageCLASS MF654Cdw in the Printers category for $20,000 and 2 Master of Pwn Points.

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeting Synology DiskStation DS925+ in the Network Attached Storage category for $40,000 and 4 Master of Pwn Points.

Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS targeting Philips Hue Bridge in the Smart Home category for $40,000 and 4 Master of Pwn Points.

Tuesday, October 21 – 1400

Team PetoWorks (SungJun Park(@howrealsung), Wonbeen Im(@D0b6y), Dohyun Kim(@d0now_kim), Juyeong Lee(@ju_cheda)) targeting Canon imageCLASS MF654Cdw in the Printers category for $20,000 and 2 Master of Pwn Points.

McCaulay Hudson (@_mccaulay) of Summoning Team (@SummoningTeam) targeting Home Assistant Green in the Smart Home category for $40,000 and 4 Master of Pwn Points.

Team ANHTUD targeting Philips Hue Bridge in the Smart Home category for $40,000 and 4 Master of Pwn Points.

dmdung (@_piers2) of STAR Labs SG Pte. Ltd targeting Sonos Era 300 in the Smart Home category for $50,000 and 5 Master of Pwn Points.

You can watch the live stream of this attempt here.

Tuesday, October 21 – 1500

YingMuo (@YingMuo), HexRabbit (@h3xr4bb1t), LJP (@ljp_tw) from DEVCORE Research Team and nella17 (@nella17tw) from DEVCORE Intern Program targeting QNAP TS-453E in the Network Attached Storage category for $40,000 and 4 Master of Pwn Points.

Tuesday, October 21 – 1600

Emanuele Barbeno, Cyrill Bannwart, Yves Bieri, Lukasz D., Urs Mueller of Compass Security (@compasssecurity) targeting Home Assistant Green in the Smart Home category for $40,000 and 4 Master of Pwn Points.

Hank Chen (@hank0438) of InnoEdge Labs targeting Philips Hue Bridge in the Smart Home category for $40,000 and 4 Master of Pwn Points.

Team ANHTUD targeting Canon imageCLASS MF654Cdw in the Printers category for $20,000 and 2 Master of Pwn Points.

Sina Kheirkhah (@SinSinology) and McCaulay Hudson (@_mccaulay) of Summoning Team (@SummoningTeam) targeting Synology ActiveProtect Appliance DP320 in the Network Attached Storage category for $50,000 and 5 Master of Pwn Points.

Wednesday, October 22 – 0930

Viettel Cyber Security targeting Home Assistant Green in the Smart Home category for $40,000 and 4 Master of Pwn Points.

PHP HOOLIGANS targeting Canon imageCLASS MF654Cdw in the Printers category for $20,000 and 2 Master of Pwn Points.

Ho Xuan Ninh (@Xuanninh1412), Hoang Hai Long (@seadragnol) from Qrious Secure targeting Philips Hue Bridge in the Smart Home category for $40,000 and 4 Master of Pwn Points.

Wednesday, October 22 – 1000

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeting Synology BeeStation Plus in the Network Attached Storage category for $40,000 and 4 Master of Pwn Points.

Wednesday, October 22 – 1100

Chumy Tsai (github.com/Jimmy01240397) @ CyCraft Technology Intern targeting QNAP TS-453E in the Network Attached Storage category for $40,000 and 4 Master of Pwn Points.

Wednesday, October 22 – 1130

Team Neodyme (@Neodyme) targeting Home Assistant Green in the Smart Home category for $40,000 and 4 Master of Pwn Points.

TwinkleStar03 (@_twinklestar03) from DEVCORE Intern Program targeting Canon imageCLASS MF654Cdw in the Printers category for $20,000 and 2 Master of Pwn Points.

Rafal Goryl (@voix44er) of PixiePoint Security targeting Philips Hue Bridge in the Smart Home category for $40,000 and 4 Master of Pwn Points.

Wednesday, October 22 – 1200

Enrique Castillo (@hyprdude), McCaulay Hudson (@_mccaulay), Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeting Synology CC400W in the Surveillance Systems category for $30,000 and 3 Master of Pwn Points.

Wednesday, October 22 – 1300

Le Trong Phuc (chanze@VRC) and Cao Ngoc Quy (Chino Kafuu) of Verichains Cyber Force targeting Synology DiskStation DS925+ in the Network Attached Storage category for $40,000 and 4 Master of Pwn Points.

Wednesday, October 22 – 1400

Team ANHTUD targeting Lexmark CX532adwe in the Printers category for $20,000 and 2 Master of Pwn Points.

Ken Gannon / 伊藤 剣 (@yogehi) of Mobile Hacking Lab, and Dimitrios Valsamaras (@Ch0pin) of Summoning Team (@SummoningTeam) targeting Samsung Galaxy S25 - Remote in the Mobile Phones category for $50,000 and 5 Master of Pwn Points.

You can watch a live stream of this attempt here.

Mehdi & Matthieu @Synacktiv targeting Philips Hue Bridge in the Smart Home category for $40,000 and 4 Master of Pwn Points.

Wednesday, October 22 – 1430

Team Neodyme (@Neodyme) targeting Amazon Smart Plug in the Smart Home category for $20,000 and 2 Master of Pwn Points.

Wednesday, October 22 – 1500

PHP HOOLIGANS targeting QNAP TS-453E in the Network Attached Storage category for $40,000 and 4 Master of Pwn Points.

Wednesday, October 22 – 1600

Team ANHTUD targeting Home Assistant Green in the Smart Home category for $40,000 and 4 Master of Pwn Points.

Tri Dang (@trichimtrich) from Qrious Secure targeting Samsung Galaxy S25 - Remote in the Mobile Phones category for $50,000 and 5 Master of Pwn Points.

You can watch a live stream of this attempt here.

Wednesday, October 22 – 1700

PHP HOOLIGANS targeting Philips Hue Bridge in the Smart Home category for $40,000 and 4 Master of Pwn Points.

Wednesday, October 22 – 1800

Viettel Cyber Security targeting Canon imageCLASS MF654Cdw in the Printers category for $20,000 and 2 Master of Pwn Points.

Thursday, October 23 – 0930

Chris Anastasio of Team Cluck targeting Lexmark CX532adwe in the Printers category for $20,000 and 2 Master of Pwn Points.

Daniel Frederic and Julien Cohen-Scali of Fuzzinglabs (@fuzzinglabs) targeting QNAP TS-453E in the Network Attached Storage category for $40,000 and 4 Master of Pwn Points.

Xilokar (@[email protected]) targeting Philips Hue Bridge in the Smart Home category for $40,000 and 4 Master of Pwn Points.

CyCraft Technology targeting Amazon Smart Plug in the Smart Home category for $20,000 and 2 Master of Pwn Points.

Thursday, October 23 – 1030

Interrupt Labs targeting Samsung Galaxy S25 - Remote in the Mobile Phones category for $50,000 and 5 Master of Pwn Points.

You can watch a live stream of this attempt here.

Thursday, October 23 – 1130

Viettel Cyber Security targeting Lexmark CX532adwe in the Printers category for $20,000 and 2 Master of Pwn Points.

Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) targeting QNAP TS-453E in the Network Attached Storage category for $40,000 and 4 Master of Pwn Points.

Yannik Marchand (kinnay) targeting Philips Hue Bridge in the Smart Home category for $40,000 and 4 Master of Pwn Points.

David BERARD of @synacktiv targeting Ubiquiti AI Pro in the Surveillance Systems category for $30,000 and 3 Master of Pwn Points.

Thursday, October 23 – 1230

Team Neodyme (@Neodyme) targeting Canon imageCLASS MF654Cdw in the Printers category for $20,000 and 2 Master of Pwn Points.

Thursday, October 23 – 1330

Interrupt Labs targeting Lexmark CX532adwe in the Printers category for $20,000 and 2 Master of Pwn Points.

Evan Grant (@stargravy) targeting QNAP TS-453E in the Network Attached Storage category for $40,000 and 4 Master of Pwn Points.

Thalium team from Thales Group (@thalium_team) targeting Philips Hue Bridge in the Smart Home category for $40,000 and 4 Master of Pwn Points.

Thursday, October 23 – 1500

Eugene (@3ugen3) of Team Z3 targeting WhatsApp - Zero-Click Remote Code Execution in the Messaging category for $1,000,000 and 100 Master of Pwn Points.

Thursday, October 23 – 1530

Bongeun Koo (@kiddo_pwn) and Evangelos Daravigkas (@freddo_1337) of Team DDOS targeting QNAP TS-453E in the Network Attached Storage category for $40,000 and 4 Master of Pwn Points.

Viettel Cyber Security targeting Philips Hue Bridge in the Smart Home category for $40,000 and 4 Master of Pwn Points.

Thursday, October 23 – 1700

Frisk and Opcode from the Inequation Group ctf team targeting Meta Quest 3S - No Interaction LPE - Self Jailbreak in the Wearables category for $30,000 and 3 Master of Pwn Points.

via the comic artistry and dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘’100% All Achievements” appeared first on Security Boulevard.

Moxa has fixed 5 vulnerabilities in its industrial network security appliances and routers, including a remotely exploitable flaw (CVE-2025-6950) that may result in complete system compromise. There’s no mention of these flaws being exploited in the wild, but due to their severity, the company has advised customers to apply the latest firmware updates immediately. CVE-2025-6950 et al. Moxa is a Taiwanese company that specializes in industrial communications, networking, and edge connectivity for operational technology (OT) … More →

The post Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950) appeared first on Help Net Security.

Azure Blob Storage is a high-value target for threat actors due to its critical role in storing and managing massive amounts of unstructured data at scale across diverse workloads and is increasingly targeted through sophisticated attack chains that exploit misconfigurations, exposed credentials, and evolving cloud tactics.

The post Inside the attack chain: Threat activity targeting Azure Blob Storage appeared first on Microsoft Security Blog.