A debate over actual exploitation is muddying response efforts. Multiple researchers say they’ve observed working proof of concepts while others assert evidence of attacks is lacking.

Researchers warn that although exploitation of the zero-day is complex, a functional exploit exists in the wild.

The tech giant doesn’t provide details about the severity of vulnerabilities it discloses, but none of the new defects are under active attack.

The company is ahead of pace, disclosing about 100 more vulnerabilities at this point in the year than it did in 2024, according to a researcher.

The software defects, which have a maximum-severity rating, do not require authentication and allow remote attackers to execute code arbitrarily on the underlying system.

Trend Micro researchers discovered and reported the eight-year-old defect to Microsoft six months ago. The company hasn’t made any commitments to patch or remediate the issue.

The findings underscore the challenge of improving security in a market that prizes cheap and functional networking equipment.

This is a “radical concept" for ICS vendors, one organizer said.

Team "Flouroacetate" — aka Amat Cama and Richard Zhu — used the Tesla hack to cap off a dominant run in the competition.

Thursday's slate of demonstrations includes more attacks against web browsers — this time, it's Mozilla Firefox and Microsoft Edge.