Unfortunately, Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) could not get his exploit of the TrueNAS Mini X working within the time allotted.

Sadly, the Neodyme (@neodyme) team could not get their exploit of the Lexmark CX331adwe printer working within the time allotted.

We have another collision. The DEVCORE Research Team (@d3vc0r3) successfully exploited the Lorex 2K camera, but they used a bug previously seen in the contest. They still earn $3,750 and 1.5 Master of Pwn points. #Pwn2Own #P2OIreland

I thought I understood the extent to which the broad availability of mobile location data has exacerbated countless privacy and security challenges. That is, until I was invited along with four other publications to be a virtual observer in a 2-weeek test run of Babel Street, a service that lets users draw a digital polygon around nearly any location on a map of the world, and view a time-lapse history of the mobile devices seen coming in and out of the area.

The issue isn't that there's some dodgy company offering this as a poorly-vetted service: It's that *anyone* willing to spend a little money can now build this capability themselves.

I'll be updating this story with links to reporting from other publications also invited, including 404 Media, Haaretz, NOTUS, and The New York Times. All of these stories will make clear that mobile location data is set to massively complicate several hot-button issues, from the tracking of suspected illegal immigrants or women seeking abortions, to harassing public servants who are already in the crosshairs over baseless conspiracy theories and increasingly hostile political rhetoric against government employees.

https://krebsonsecurity.com/2024/10/the-global-surveillance-free-for-all-in-mobile-ad-data/

Yes- I’m looking at you!

Wow…. https://www.windowscentral.com/microsoft/report-arm-is-sensationally-canceling-qualcomms-chip-license-oct-2024

As a reminder - you can find all of the results from Day Two of #Pwn2Own Ireland at https://www.zerodayinitiative.com/blog/2024/10/23/pwn2own-ireland-2024-day-two-results #P2OIreland

#directorytraversalmemes

Confirmed! PHP Hooligans / Midnight Blue (@midnightbluelab) used a command injection bug to get code execution on the Synology BeeStation BST150-4T. They earn $40,000 and 4 Master of Pwn points. #Pwn2Own #P2OIreland