VicOne and Trend Micro Stage Pwn2Own Automotive Zero-Day Vulnerability Event to Boost Industry Cybersecurity

VicOne and Trend Micro Stage Pwn2Own Automotive Zero Day Vulnerability Event to Boost Industry Cybersecurity as SDV Trend Reshapes Threats

With automotive system complexity and attack surface both rapidly growing, VicOne set to release new report detailing sharp rise in vulnerabilities and industry recommendations

DETROIT & TOKYO — VicOne, an automotive cybersecurity solutions leader, today announced that it co-hosted with Trend Micro the world’s largest zero-day vulnerability discovery contest, Pwn2Own Automotive 2025, at Automotive World, which took place Jan. 22-24 in Tokyo. Top-tier security researchers performed real-world testing on cutting-edge automotive technologies, all within Trend Micro’s proven Zero Day Initiative (ZDI) platform, the world’s largest vendor-agnostic bug bounty program.

Sina Kheirkhah of Summoning Team was crowned Master of Pwn of the Pwn2Own Automotive 2025, where researchers from 13 countries discovered 49 unique zero-day vulnerabilities during the three-day event. From left: Dustin Childs, Head of Threat Awareness at the ZDI; Sina Kheirkhah, Pwn2Own Automotive 2025 Master of Pwn; Max Cheng, CEO of VicOne; and Brian Gorenc, Vice President of Threat Research at Trend Micro

Pwn2Own Automotive is an annual competition designed to uncover and rectify vulnerabilities in technologies for connected cars. Twenty-one teams of automotive cybersecurity researchers (including individual participants) from 13 countries came together on a global stage to discover 49 unique zero-day vulnerabilities across systems such as in-vehicle infotainment (IVI) systems and electric vehicle (EV) chargers. Sina Kheirkhah of Summoning Team was crowned the Pwn2Own Automotive 2025 Master of Pwn.

“As SDVs (software-defined vehicles) reshape the automotive industry, cybersecurity becomes critical to ensuring their safety and reliability,” said Max Cheng, chief executive officer of VicOne. “Platforms like Pwn2Own Automotive are instrumental to uncovering zero-day vulnerabilities and mitigating risks before they can escalate. By supporting initiatives like this, the industry can proactively strengthen vehicle security, paving the way for safer and more resilient advancements in mobility.”

The automotive industry is evolving with innovations such as SDVs, advanced driver assistance systems (ADASs) and integration of artificial intelligence (AI). These developments promise enhanced functionality and efficiency but also introduce cybersecurity challenges, including risks from generative AI, supply chain vulnerabilities and over-the-air (OTA) updates.

According to the forthcoming VicOne 2025 annual report, the total count of automotive-related vulnerabilities (“CVEs”) published in 2024 reached 530 vulnerabilities, another annual gain and just two short of twice as many as in 2019. The sharp rise in vulnerabilities highlights the rapid growth in both the automotive attack surface and automotive systems.

Cyberattacks in 2024 caused damages exceeding US$22 billion, with US$20 billion attributed to data breaches and personal information leaks, the VicOne annual report will show. Key areas impacted in 2024 included the automobile industry’s suppliers and dealers, who collectively account for the majority of targeted attacks.

Other insights in the report, which is to be released publicly available at VicOne.com:

• The automotive industry must adopt a security-first approach, integrating robust defenses, regulatory compliance and collaborative innovations to mitigate risks and secure the future of mobility.
• Supply chain vulnerabilities will likely dominate cybersecurity events moving forward, with an increase in ransomware and OTA exploitations.
• Emerging threats include AI manipulation, cloud-based attacks and sensor data manipulation in autonomous systems.

At Automotive World 2025, the world’s leading event for advanced automotive technologies convening more than 1,800 companies, VicOne showcased a range of its innovative solutions built from the ground up to protect the connected-car ecosystem:

• xZETA, which offers robust capabilities for tackling software bill of materials (SBOM) and zero-day vulnerabilities
• Smart Cockpit Protection, which leverages AI-driven security to safeguard automotive smart cockpits from data breaches and AI-targeted attacks
• xCarbon, which leverages edge AI processing to analyze vehicle data in real time, enabling early detection and prevention of cyberattacks on and malfunctions in in-vehicle electronic control units (ECUs)
• xNexus, the Vehicle Security Operations Center (VSOC) support platform
• Various security-related services, including risk analysis using the threat assessment and remediation analysis (TARA) process and xScope penetration service, which uses advanced techniques to identify vulnerabilities, recommends specific improvements, and provides customized reports based on client needs

The VicOne booth at Automotive World 2025 also featured the company’s collaborative initiatives with its partner companies. VicOne’s strategic partnerships include original equipment manufacturers (OEMs), hardware suppliers, semiconductor vendors, software developers and service providers.

Founded and singularly focused on spearheading innovation in vehicle cybersecurity, VicOne, the market leader in automotive cybersecurity, provides the most advanced and comprehensive solutions to the automotive industry and galvanizes collective expertise from the sector’s broadest cast of best-of-breed partners. OEMs and suppliers trust VicOne’s purpose-built solutions to stay ahead of evolving threats and safeguard vehicles, drivers and sensitive data.

For more information on VicOne’s holistic approach to cybersecurity— spanning software, hardware and supply-chain ecosystems — please visit https://vicone.com/blog/software-defined-vehicles-navigating-innovation-and-cybersecurity-challenges.

About VicOne

With a vision to secure the vehicles of tomorrow, VicOne delivers a broad portfolio of cybersecurity software and services for the automotive industry. Purpose-built to address the rigorous needs of automotive manufacturers and suppliers, VicOne solutions are designed to secure and scale with the specialized demands of the modern vehicle. As a Trend Micro subsidiary, VicOne is powered by a solid foundation in cybersecurity drawn from Trend Micro’s 30+ years in the industry, delivering unparalleled automotive protection and deep security insights that enable our customers to build secure as well as smart vehicles. For more information, visit VicOne.com.

About Zero Day Initiative (ZDI)

The Zero Day Initiative (ZDI) was launched by Trend Micro in July 2005 to encourage the reporting of zero-day vulnerabilities privately to the affected vendors by financially rewarding researchers. Today, the ZDI represents the world’s largest vendor-agnostic bug bounty program. For more information, visit zerodayinitiative.com.

About Trend Micro

Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro’s AI-powered cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, Trend’s platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 70 countries, Trend Micro enables organizations to simplify and secure their connected world. For more information, visit TrendMicro.com.