Pwn2Own Ireland 2025 Concludes with Record $1M+ in Bug Bounties and Summoning Team's Master of Pwn Victory

 

Pwn2Own Ireland 2025 has officially wrapped up, marking a highly successful hacking competition that rewarded **73 unique zero-day vulnerabilities** with a total of **$1,024,750**. The three-day event showcased exceptional security research across consumer devices, IoT systems, surveillance equipment, and more—ultimately crowning the **Summoning Team** as this year's Master of Pwn champions.

## Record-Breaking Numbers and Impressive Participation

The competition lived up to its reputation as the premier platform for vulnerability researchers to demonstrate cutting-edge exploit techniques. Over the course of the event, security professionals attempted 17 different exploits on day three alone, building on the 56 unique zero-day bugs and $792,750 awarded in the first two days.

The event's success wouldn't have been possible without significant support from key partners. **Meta** served as the primary partner, while **Synology** and **QNAP** provided crucial co-sponsorship that strengthened the competition's scope and credibility.

Swedish Banks and Government Unite to Strengthen National Cybersecurity

 

Swedish Banks and State Unite to Strengthen Cybersecurity Resilience

Sweden’s central bank, Riksbank, together with national security organisations and the financial sector, has launched a strategic initiative to deepen cooperation between state-operated cyber defence centres and the IT security teams of banks, insurers, and other financial players.

Nimbus Manticore Malware Campaign Puts Defense and Telecom on Alert

 

Nimbus Manticore Intensifies Attacks on Defense and Telecom Sectors With New Malware

The Iranian state-aligned threat actor Nimbus Manticore has escalated its cyber-espionage operations against defense manufacturing, telecommunications, and aviation sectors across Western Europe. Leveraging new malware variants and novel evasion techniques, this advanced persistent threat (APT) group is sharpening its tradecraft to infiltrate high-value targets.

The Hidden Payload: PUP Ads Used for Silent Malware Drops

 

Hackers Exploit PUP Advertisements to Silently Drop Windows Malware

Cybersecurity investigators have uncovered a stealthy campaign in which threat actors are abusing seemingly harmless potentially unwanted program (PUP) advertisements to deliver Windows malware.

MURKY PANDA Cyber Espionage: A New Threat to Government and Professional Services

 

MURKY PANDA: Threat Actor Targeting Government and Professional Services

A sophisticated China-linked threat actor known as MURKY PANDA has emerged as a significant cybersecurity concern, conducting widespread cyberespionage operations against government, technology, academic, legal, and professional services entities across North America since late 2024.

Credential Theft Alert: Microsoft 365 Users Targeted by Multi-Stage Redirect Scams

 

New Phishing Campaign Exploits Link Wrapping to Target Microsoft 365 Users

Cybercriminals are leveraging trusted security tools like Proofpoint and Intermedia’s link wrapping services in a sophisticated phishing campaign aimed at stealing Microsoft 365 credentials.

According to researchers from the Cloudflare Email Security team, attackers are now abusing legitimate email security features to bypass detection and lure users to credential-harvesting pages using a multi-layered redirection technique.

Ingram Micro Faces 3.5TB Data Leak Threat from SafePay Ransomware Group

 

Ingram Micro Faces 3.5TB Data Leak Threat from SafePay Ransomware Group

Some regional websites still recovering as threat actors set August 1 deadline

Cybercriminals behind the recent ransomware attack on Ingram Micro have set a deadline to leak 3.5 terabytes of stolen company data, according to a post published by the SafePay ransomware group on July 29. The attackers say they will release the trove on August 1, escalating the pressure on the global IT distributor in a classic double extortion move.