Synology fixes Beestation zero-days demoed at Pwn2Own Ireland

Synology has released critical security patches addressing zero-day vulnerabilities in its Beestation NAS devices, which were recently demonstrated at the Pwn2Own Ireland hacking competition. These zero-days, exploited by security researchers during the event, highlight significant risks to Synology users if left unpatched. The vulnerabilities could allow attackers to execute arbitrary code or gain unauthorized access to sensitive data stored on the devices. Synology's prompt response in issuing these fixes underscores the importance of timely updates in defending against emerging threats. Users are strongly advised to apply the latest firmware updates immediately to protect their systems from potential exploitation. This incident also emphasizes the growing trend of zero-day vulnerabilities being showcased at security contests, which serve as a double-edged sword by both exposing risks and encouraging vendors to enhance their security posture. Staying informed about such vulnerabilities and maintaining robust cybersecurity hygiene remain essential for organizations and individuals relying on network-attached storage solutions.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 11 Nov 2025 22:35:14 +0000

Cyber News related to Synology fixes Beestation zero-days demoed at Pwn2Own Ireland

Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. The contestants also demoed zero-day bugs in printers, routers, smart speakers, surveillance ...
2 years ago Bleepingcomputer.com

Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice - The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26. Throughout the contest organized by Trend ...
1 year ago Bleepingcomputer.com

VMware fixes three zero-day bugs exploited at Pwn2Own 2024 - VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest. The most severe flaw patched today is CVE-2024-22267, a ...
1 year ago Bleepingcomputer.com CVE-2024-22267 CVE-2024-22269 CVE-2024-22270

Synology fixes Beestation zero-days demoed at Pwn2Own Ireland - Synology has released critical security patches addressing zero-day vulnerabilities in its Beestation NAS devices, which were recently demonstrated at the Pwn2Own Ireland hacking competition. These zero-days, exploited by security researchers during ...
3 weeks ago Bleepingcomputer.com CVE-2023-XXXX CVE-2023-YYYY

Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. They also demoed exploits and vulnerability chains targeting zero-days in Xiaomi's 13 Pro ...
2 years ago Bleepingcomputer.com

Hackers earn over $1 million for 58 zero-days at Pwn2Own Toronto - The Pwn2Own Toronto 2023 hacking competition has ended with security researchers earning $1,038,500 for 58 zero-day exploits targeting consumer products between October 24 and October 27. During the Pwn2Own Toronto 2023 hacking event organized by ...
2 years ago Bleepingcomputer.com

Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own - Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. The company addressed the security flaw on systems running macOS Monterey and macOS ...
1 year ago Bleepingcomputer.com CVE-2024-27834

Windows 11 and Red Hat Linux hacked on first day of Pwn2Own - Summoning Team's Sina Kheirkhah was awarded another $35,000 for a Chroma zero-day and an already known vulnerability in Nvidia's Triton Inference Server, while STARLabs SG's Billy and Ramdhan earned $60,000 for escaping Docker Desktop and ...
6 months ago Bleepingcomputer.com

Apple fixes two new iOS zero-days in emergency updates - Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. "Apple is aware of a report that this issue may ...
2 years ago Bleepingcomputer.com CVE-2023-42916 CVE-2023-42917

Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own - During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox. Palo Alto ...
6 months ago Bleepingcomputer.com

Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
1 year ago Securityaffairs.com CVE-2024-23222 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109

Hackers exploit 34 zero-days on first day of Pwn2Own Ireland - The first day of Pwn2Own Ireland 2024 saw an unprecedented exploitation of 34 zero-day vulnerabilities by ethical hackers. This high-profile hacking competition, known for its rigorous challenges, showcased the latest in cybersecurity research and ...
1 month ago Bleepingcomputer.com CVE-2024-XXXX CVE-2024-YYYY

VMware Patches Vulnerabilities Exploited at Pwn2Own 2024 - Broadcom-owned VMware on Tuesday published a security advisory to inform Workstation and Fusion customers that patches are available for vulnerabilities exploited earlier this year at the Pwn2Own hacking competition. It's worth noting that VMware ...
1 year ago Securityweek.com CVE-2024-22267 CVE-2024-22269 CVE-2024-22270

Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws - Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days. The total count of 61 flaws does not include 2 Microsoft Edge flaws fixed on May 2nd and four ...
1 year ago Bleepingcomputer.com CVE-2024-30046

Ivanti Connect Secure zero-days now under mass exploitation - Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control appliances are now under mass exploitation. As discovered by threat intelligence company Volexity, which also first spotted the zero-days ...
1 year ago Bleepingcomputer.com CVE-2023-46805 CVE-2024-21887 CVE-2021-22893

Apple emergency updates fix recent zero-days on older iPhones - Apple has issued emergency security updates to backport patches for two actively exploited zero-day flaws to older iPhones and some Apple Watch and Apple TV models. The two vulnerabilities, now tracked as CVE-2023-42916 and CVE-2023-42917, were ...
1 year ago Bleepingcomputer.com CVE-2023-42916 CVE-2023-42917

Critical Synology Vulnerability Let Attackers Remote Execute Arbitrary Code - CVE-2024-10445: An improper certificate validation vulnerability in the update functionality with a CVSS score of 4.3 that enables adjacent attackers to write limited files. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber ...
8 months ago Cybersecuritynews.com CVE-2024-10445

Pwn2Own hacking contest pays $1 million for WhatsApp exploit - The contest features eight categories targeting mobile phones, messaging apps, home networking equipment, smart home devices, printers, network storage systems, surveillance equipment, and wearable technology, including Meta's Ray-Ban Smart ...
4 months ago Bleepingcomputer.com

Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
1 year ago Darkreading.com CVE-2024-23222

49 unique zero-days Uncovered in Pwn2Own Automotive - On the final day of Pwn2Own Automotive 2024 - Day 3, researchers were granted $1,323,750 in rewards for identifying 49 distinct zero-days. Particularly, the infotainment system and modem of Tesla were attacked by the Synacktiv team, and each ...
1 year ago Cybersecuritynews.com

Zero Trust 2025 - Emerging Trends Every Security Leader Needs to Know - Forward-thinking organizations are embedding Zero Trust principles into broader business strategies rather than treating them as isolated security initiatives. Security leaders must champion this integrated approach to Zero Trust implementation to ...
7 months ago Cybersecuritynews.com

Apple fixes first zero-day bug exploited in attacks this year - Apple released security updates to address this year's first zero-day vulnerability exploited in attacks that could impact iPhones, Macs, and Apple TVs. The zero-day fixed today is tracked as CVE-2024-23222 and is a WebKit confusion issue that ...
1 year ago Bleepingcomputer.com CVE-2024-23222

Zero Trust Security Framework: Implementing Trust in Business - The Zero Trust security framework is an effective approach to enhancing security by challenging traditional notions of trust. Zero Trust Security represents a significant shift in the cybersecurity approach, challenging the conventional concept of ...
1 year ago Securityzap.com

Zero-Trust Architecture in Modern Cybersecurity - Clearly, organizations need more robust cybersecurity protections in place, which is leading many to adopt a zero-trust architecture approach. Zero-trust flips conventional security on its head by shifting from an implicit trust model to one where ...
1 year ago Feeds.dzone.com