Original Article Text


Synology fixes BeeStation zero-days demoed at Pwn2Own Ireland.

Synology has addressed a critical-severity remote code execution (RCE) vulnerability in BeeStation products that was demonstrated at the recent Pwn2Own hacking competition.

The security issue (CVE-2025-12686) is described as a ‘buffer copy without checking the size of input’ problem, and can be exploited to allow arbitrary code execution. It impacts multiple versions of BeeStation OS, the software powering Synology’s network-attached storage (NAS) devices marketed as a consumer-oriented “personal cloud.”

There are no mitigations available, so the vendor recommends that users upgrade to the following versions, which address the flaw:

Researchers Tek and anyfun at French cybersecurity company Synacktiv exploited the flaw in a demonstration during the Pwn2Own Ireland 2025 contest on October 21st. For their successful exploitation, the two researchers received a $40,000 reward.

A three-day hacking competition organized by Trend Micro and the Zero Day Initiative (ZDI), Pwn2Own gives security researchers the opportunity to hack popular consumer devices using zero-day vulnerabilities. The most recent event, held in Ireland, had researchers demonstrating 73 zero-day flaws across a broad range of products and winning more than $1 million.

Last week, another major NAS vendor, QNAP, fixed a total of seven zero-day vulnerabilities in multiple devices from the company, which white-hat hackers had shown at Pwn2Own Ireland this year.

ZDI has a disclosure agreement with companies participating in Pwn2Own and holds off publishing the technical details of the security issues until patches are available and users have had sufficient time to apply the updates. More details about these flaws will be disclosed in the coming months on ZDI’s bulletin board and, in some cases, on the personal blogs of the researchers themselves.
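The article only names the bug class, "buffer copy without checking the size of input" (CWE-120), so the following added example illustrates that class in general terms. It is not Synology's code and says nothing about how CVE-2025-12686 is triggered: the record format (a length byte followed by name bytes), the `NAME_MAX` limit and both function names are constructed for illustration. It places the unchecked copy pattern beside a bounded version that validates the declared length against both the bytes actually received and the destination size, which is the fix this class of flaw calls for.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record layout for this example: msg[0] is the declared name
 * length, followed by that many name bytes. NAME_MAX is an assumed limit. */
#define NAME_MAX 32

/* Constructed sample inputs (not captured from any real device). */
static const uint8_t kGoodRecord[] = {5, 'b', 'e', 'e', '0', '1'};
/* Declares 200 bytes but only two are present: a malformed record. */
static const uint8_t kBadRecord[]  = {200, 'x', 'y'};

/* CWE-120 pattern: the declared length drives memcpy with no comparison
 * against the destination size. A length above NAME_MAX overruns dst.
 * Shown for contrast only; nothing below calls it. */
int copy_name_unchecked(char *dst, const uint8_t *msg) {
    size_t n = msg[0];
    memcpy(dst, msg + 1, n);   /* no bound check against NAME_MAX or msg length */
    dst[n] = '\0';
    return (int)n;
}

/* Hardened version: rejects records whose declared length exceeds the bytes
 * actually received, and records that would not fit in dst with a NUL.
 * Returns the number of name bytes copied, or -1 on rejection. */
int copy_name_checked(char *dst, size_t dst_size,
                      const uint8_t *msg, size_t msg_len) {
    if (msg == NULL || dst == NULL || msg_len < 1 || dst_size < 1) return -1;
    size_t n = msg[0];
    if (n > msg_len - 1) return -1;   /* declared length beyond received data */
    if (n >= dst_size) return -1;     /* would overflow dst (need room for NUL) */
    memcpy(dst, msg + 1, n);
    dst[n] = '\0';
    return (int)n;
}

int main(void) {
    char name[NAME_MAX];
    int r = copy_name_checked(name, sizeof name, kGoodRecord, sizeof kGoodRecord);
    printf("well-formed record -> %d bytes copied: \"%s\"\n", r, name);
    r = copy_name_checked(name, sizeof name, kBadRecord, sizeof kBadRecord);
    printf("malformed record   -> %d (rejected before any copy)\n", r);
    return 0;
}
```

The two checks are deliberately separate: the first catches a length field that lies about the payload (an out-of-bounds read), the second catches a length that is honest about the payload but larger than the destination (the out-of-bounds write that makes this class of bug exploitable for code execution). Dropping either one reintroduces a CWE-120 condition.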

Daily Brief Summary

VULNERABILITIES // Synology Patches Critical RCE Vulnerability in BeeStation Products

Synology addressed a critical remote code execution vulnerability in BeeStation products, identified during the Pwn2Own Ireland 2025 competition, affecting multiple versions of BeeStation OS.

The vulnerability, CVE-2025-12686, involves a buffer copy flaw that could allow arbitrary code execution on Synology's NAS devices marketed as personal clouds.

Researchers from Synacktiv successfully demonstrated the exploit, earning a $40,000 reward, highlighting the importance of proactive vulnerability research.

Users are advised to upgrade to the latest software versions, as no mitigations are available for the identified flaw.

Pwn2Own, organized by Trend Micro and the Zero Day Initiative, showcased 73 zero-day vulnerabilities across various products, with over $1 million awarded to researchers.

The Zero Day Initiative will release detailed technical information on these vulnerabilities after ensuring patches are applied, maintaining a responsible disclosure process.

This event underscores the ongoing need for vigilance and timely patch management in safeguarding consumer devices from emerging threats.