🦜 Zero Day Initiative - Blog
@www.thezdi.com.blog@rss-parrot.net
The January 2026 Security Update Review
https://www.thezdi.com/blog/2026/1/13/the-january-2026-security-update-review
Published: January 13, 2026 19:01
I may be in Tokyo preparing for Pwn2Own Automotive, but that doesn’t stop patch Tuesday from coming. Put aside your broken New Year’s resolutions for just a moment as we review the latest security patches from Adobe and Microsoft. If you’d rather watch the…
The Alpitronic HYC50 Hardware Teardown for Pwn2Own Automotive 2026
https://www.thezdi.com/blog/2026/1/11/the-alpitronic-hyc50-hardware-teardown-for-pwn2own-automotive-2026
Published: January 12, 2026 16:00
As we ramp up to the premier automotive and charging station hacking competition, Pwn2Own Automotive 2026 in Tokyo, the Trend Micro Zero Day Initiative (ZDI) is providing a preliminary look at one of the main targets: the Alpitronic HYC50 High-Power…
Breaking Down the Attack Surface of the Kenwood DNR1007XR – Part Two
https://www.thezdi.com/blog/2026/1/8/breaking-down-the-attack-surface-of-the-kenwood-dnr1007xr-part-two
Published: January 9, 2026 15:00
In our previous Kenwood DNR1007XR blog, we detailed the internals of the Kenwood in-vehicle infotainment (IVI) head unit and provided annotated pictures of the main PCB. In this post, we aim to outline the attack surface of the DNR1007XR in the hopes of…
Breaking Down the Attack Surface of the Kenwood DNR1007XR – Part One
https://www.thezdi.com/blog/2026/1/6/breaking-down-the-attack-surface-of-the-kenwood-dnr1007xr-part-one
Published: January 7, 2026 19:09
For the upcoming Pwn2Own Automotive contest, a total of 3 head units have been selected. One of these is the double DIN Kenwood DNR1007XR that offers a variety of functionality such as Android Auto, Apple CarPlay, USB media playback, wireless mirroring and…
The December 2025 Security Update Review
https://www.thezdi.com/blog/2025/12/9/the-december-2025-security-update-review
Published: December 9, 2025 18:29
It’s the final patch Tuesday of 2025, but that doesn’t make it any less exciting. Put aside your holiday planning for just a moment as we review the latest security offering from Adobe and Microsoft. If you’d rather watch the full video recap covering the…
The November 2025 Security Update Review
https://www.thezdi.com/blog/2025/11/11/the-november-2025-security-update-review
Published: November 11, 2025 18:30
I’ve made it through Pwn2Own Ireland, and while many are celebrating those who served their country in the armed services, patch Tuesday stops for no one. So affix your poppy accordingly, and let’s take a look at the latest security offerings from Adobe and…
Pwn2Own Ireland 2025: Day Three and Master of Pwn
https://www.thezdi.com/blog/2025/10/23/pwn2own-ireland-2025-day-three-and-master-of-pwn
Published: October 23, 2025 09:41
Welcome to the third and final day of Pwn2Own Ireland 2025. So far, we’ve awarded $792,750 for 56 unique 0-day bugs, and we still have 17 attempts to go! We’ll be updating this blog with live results as we have them, so refresh often.
…
Pwn2Own Ireland 2025 - Day Two Results
https://www.thezdi.com/blog/2025/10/22/pwn2own-ireland-2025-day-two-results
Published: October 22, 2025 10:19
Welcome to Day Two of Pwn2Own Ireland 2025. Yesterday, we awarded $522,500 for 34 unique 0-day bugs. The Summoning Team took a slim lead in the Master of Pwn, but big changes could happen today as we have 19 more attempts today. We’ll be updating this blog…
Pwn2Own Ireland 2025: Day One Results
https://www.thezdi.com/blog/2025/10/21/pwn2own-ireland-2025-day-one-results
Published: October 21, 2025 09:26
Welcome to Day One of Pwn2Own Ireland 2025! We have 17 attempts today with some exciting research on display. We’ll be posting results here as we have them, and follow us on Twitter, Mastodon, and Bluesky.
SUCCESS - Team…
Pwn2Own Ireland 2025: The Full Schedule
https://www.thezdi.com/blog/2025/20/pwn2own-ireland-2025-the-full-schedule
Published: October 20, 2025 17:01
Welcome to Pwn2Own Ireland 2025! We have some amazing spooky entries for this year’s contest, and a potential of up to $2,000,000 - including our largest ever single prize for a 0-click in WhatsApp for $1,000,000. As always, we began our contest with a…
Pwn2Own Automotive Returns to Tokyo with Expanded Chargers and More!
https://www.thezdi.com/blog/2025/10/16/pwn2own-automotive-returns-to-tokyo-with-expanded-chargers-and-more
Published: October 16, 2025 15:00
If you just want to read the rules, click here. Now entering its third year, Pwn2Own Automotive returns to Automotive World in Tokyo on January 21 – 23, 2026. Over the last two years, we’ve awarded more than $2,000,000 for the latest in automotive…
The October 2025 Security Update Review
https://www.thezdi.com/blog/2025/10/14/the-october-2025-security-update-review
Published: October 14, 2025 18:38
I’m currently in Cork, Ireland as we prepare for Pwn2Own Ireland, but that doesn’t stop patch Tuesday from coming. Take a break from your scheduled activities and let’s take a look at the latest security offerings from Adobe and Microsoft. If you’d rather…
Crafting a Full Exploit RCE from a Crash in Autodesk Revit RFA File Parsing
https://www.thezdi.com/blog/2025/10/6/crafting-a-full-exploit-rce-from-a-crash-in-autodesk-revit-rfa-file-parsing
Published: October 8, 2025 14:00
In April of 2025, my colleague Mat Powell was hunting for vulnerabilities in Autodesk Revit 2025. While fuzzing RFA files, he found the following crash (CVE-2025-5037 / ZDI-CAN-26922, addressed by Autodesk in July 2025):
…
CVE-2025-23298: Getting Remote Code Execution in NVIDIA Merlin
https://www.thezdi.com/blog/2025/9/23/cve-2025-23298-getting-remote-code-execution-in-nvidia-merlin
Published: September 24, 2025 16:41
While investigating the security posture of various machine learning (ML) and artificial intelligence (AI) frameworks, the Trend Micro Zero Day Initiative (ZDI) Threat Hunting Team discovered a critical vulnerability in the NVIDIA Merlin Transformers4Rec…