Assetnote discovered and demonstrated a zero-day remote code execution vulnerability affecting Mozilla's AWS network infrastructure. The article appears to be a landing page for Assetnote's security research capabilities rather than a detailed technical analysis.
A researcher discovered a zero-day Server-Side Template Injection (SSTI) vulnerability in the Handlebars template engine used in Shopify's Return Magic app, achieving Remote Code Execution by exploiting Object.prototype methods and the Function constructor to bypass sandbox restrictions. The exploit leverages the 'with' helper and Object.prototype.defineProperty() to inject arbitrary code through email workflow templates.
Pwn2Own Berlin 2026 announces its competition framework for May 14, 2026, featuring 31 targets across 10 categories with over $1,000,000 in prizes, including expanded AI categories (Databases, Coding Agents, Local Inference) and new AWS Firecracker targets alongside traditional virtualization, browsers, and enterprise applications.