
$1 Million WhatsApp Exploit Withdrawn—Researcher Silent, Meta Calls It “Low-Risk”
From Daily Security Review by Daily Security Review
October 28, 2025 · 20 min · Episode 318
About this episode
The episode discusses the withdrawal of a $1 million WhatsApp exploit at the Pwn2Own Ireland 2025 competition and the ensuing controversy.
The Pwn2Own Ireland 2025 hacking competition was set to feature one of its most anticipated moments — a $1 million zero-click remote code execution exploit against WhatsApp — but the demonstration never happened. Scheduled to be showcased by researcher Eugene of Team Z3, the exploit’s abrupt withdrawal stunned attendees and quickly became the most controversial event of the competition. Organized by Trend Micro’s Zero Day Initiative (ZDI), Pwn2Own had validated the exploit’s entry, fueling expectations that WhatsApp would face a serious zero-day challenge in front of a live audience. Yet when the researcher pulled out hours before the demo, official explanations shifted, and a clash of narratives began to unfold between ZDI, the researcher, and WhatsApp’s parent company, Meta. ZDI initially cited travel issues as the reason for the cancellation, later updating its statement to say the exploit was “not sufficiently prepared for public demonstration.” By evening, ZDI announced that Team Z3 had agreed to a private disclosure, promising to share details confidentially with Meta. Researcher Eugene confirmed the arrangement the following day, explaining that a signed non-disclosure…
People in this episode
Host: Daily Security Review
Topics covered
- WhatsApp exploit
- Pwn2Own competition
- cybersecurity
- zero-day vulnerabilities
- hacking news
Keywords
- exploit
- Pwn2Own
- Eugene
- Meta
- zero-click
- remote code execution
- cybersecurity
- hacking
Mentioned in this episode
Organizations: Team Z3, Trend Micro, Zero Day Initiative, Meta
Products: WhatsApp
More episodes of Daily Security Review
- Palo Alto Networks Uncovers 194,000-Domain Smishing Campaign Linked to “Smishing Triad” · October 29, 2025 · 27 min
- Operation ForumTroll: Chrome Zero-Day Tied to Italian Spyware Developer Memento Labs · October 29, 2025 · 37 min
- Coveware Reports Historic Drop in Ransomware Payments: Only 23% of Victims Paid in Q3 2025 · October 28, 2025 · 26 min
- Firefox Add-Ons Must Declare Data Collection—or Be Rejected · October 28, 2025 · 29 min
- Chainguard’s $3.5 Billion Valuation Signals Massive Investor Confidence in Secure-by-Default Software · October 28, 2025 · 25 min
- OpenAI Atlas Omnibox Jailbreak Exposes New AI Security Flaw · October 27, 2025 · 35 min
Explore listener stats, chart rankings, contacts and more on the Daily Security Review podcast page.