Pwn2Own WhatsApp Hacker Says Exploit Privately Disclosed to Meta – SecurityWeek

A total of $1,024,750 has been paid out at the Pwn2Own Ireland 2025 hacking contest organized by Trend Micro’s Zero Day Initiative (ZDI), but the event has been overshadowed by the last-minute withdrawal of a researcher who was scheduled to demonstrate a WhatsApp exploit worth $1 million.  The highest reward at Pwn2Own Ireland 2025, $100,000, was paid out for an exploit chain targeting the QNAP Qhora-322 router and the QNAP TS-453E NAS device.  Two Samsung Galaxy S25 exploit chains were each rewarded with $50,000, and the same amount was earned for vulnerabilities in Synology ActiveProtect Appliance DP320 and the Sonos Era 300 smart speaker.  Participants received up to $40,000 for hacking Ubiquiti cameras, QNAP and Synology NAS devices, Lexmark and Canon printers, and smart home systems such as Phillips Hue Bridge, Amazon Smart Plug, and Home Automation Green. A total of 73 previously unknown vulnerabilities were disclosed at Pwn2Own Ireland 2025.  A researcher named Eugene (3ugen3) of Team Z3 was scheduled to demonstrate a $1 million zero-click remote code execution exploit against WhatsApp on Thursday.  However, the demonstration did not take place. ZDI initially said there was a delay due to “travel complications and delayed flights”, but noted that the
Read More