Hackers exploit 52 zero days For pwn2Own Ireland contest.

We often think about hackers as the villains in cybersecurity, but that is only half the story. There is another side to hacking. There are those, called ethical hackers, who fight for internet security. While everyone focuses on creating more secure systems, these people do the dirty work of finding vulnerabilities that already exist.

The Pwn2Own competition, held annually for many years, is a showcase of ethical hacking at its finest. This year in Ireland, hackers competed for a share of a $1 million prize, targeting devices that were supposed to be fully patched. On just the first day, 52 zero-day exploits were discovered, with $486,000 in prize money awarded—an impressive start to the four-day event.

While it can be alarming to see how skilled hackers can infiltrate seemingly secure devices, events like Pwn2Own remind us just how vital ethical hackers are. Without them uncovering these vulnerabilities, malicious hackers would have the upper hand in the ongoing fight for cybersecurity. White hat hackers are an essential, though often underappreciated, part of keeping our digital world secure.

It’s no surprise, then, that demand for ethical hackers and penetration testers is on the rise. Their work provides software engineers with the insights they need to patch vulnerabilities—before the bad actors have a chance to exploit them. Without ethical hackers, the only time we’d learn about security flaws would be when it’s too late.

Lazarus Group Exploits Chrome to control user devices.

Lazarus Group is a North Korean organization that has been active since 2010, catching the attention of the U.S. government for just as long. As an Advanced Persistent Threat (APT), specifically APT38, their cyberattacks are notorious. Their latest strike involved a fake NFT game designed to trick users into handing over control of not just their Chrome browser, but their entire device.

The attack exploited two vulnerabilities through a script running in the Chrome browser. First, they gained read and write privileges, allowing them to access Chrome’s registry memory. From there, they leveraged a second exploit to jump from browser control to full access of the user’s PC—a sophisticated move that underscores the importance of being cautious with what you download.

What makes this particularly concerning is that Lazarus Group is backed by a nation-state. While it’s expected that these kinds of organizations target companies and governments, they are equally willing to exploit ordinary citizens. Even worse, they have the resources to execute large-scale social engineering campaigns

For instance, this fake game wasn’t just a standalone scam. Multiple social media accounts were created to publicize it, and advertisements were run to lure in unsuspecting users. It’s believed they even stole the game’s code from a legitimate company and repurposed it to steal money from players. With the use of these stolen resources and advancements like AI, they’re able to create highly convincing products that fool even careful users. This serves as a stark reminder that now, more than ever, we must remain vigilant online.