Ethical Hacking News
Pwn2Own Berlin 2026: A Thrilling Display of Cybersecurity Vulnerability Hunting
The recent Pwn2Own Berlin 2026 event has concluded, showcasing the ongoing cat-and-mouse game between cybersecurity researchers and malicious actors. Researchers demonstrated exploits against Microsoft Exchange Server, Windows 11, Red Hat Enterprise Linux for Workstations, and even AI-powered code editors like Cursor. The event highlights the importance of regular security audits and vulnerability testing to ensure the robustness of our digital infrastructure.
Total rewards earned by participants: $908,750 for 39 vulnerabilities discovered across two days.
A total of 15 unique zero-day vulnerabilities were exploited during the event.
The competition saw successful exploits against widely used software products, including Microsoft Exchange Server, Windows 11, and Red Hat Enterprise Linux.
DEVCORE led the competition with 40.5 points and $405,000, but the event is still open with one day remaining.
Coordinated disclosure of vulnerabilities will be available for vendors to patch within the next 90 days.
The recent Pwn2Own Berlin 2026 event has concluded, showcasing the ongoing cat-and-mouse game between cybersecurity researchers and malicious actors. During this two-day competition, a total of $385,750 was earned by participants for exploiting 15 unique zero-day vulnerabilities in various software products. This brings the total rewards to $908,750 for 39 vulnerabilities discovered across two days.
The event saw researchers successfully demonstrate exploits against Microsoft Exchange Server, Windows 11, Red Hat Enterprise Linux for Workstations, and even AI-powered code editors like Cursor. These successful attacks highlight the presence of serious real-world vulnerabilities in widely used software, even in systems running with full patches. The results underscore the importance of regular security audits and vulnerability testing to ensure the robustness of our digital infrastructure.
Among the notable exploits showcased during Pwn2Own Berlin 2026 was Orange Tsai's four-logic-bug Edge sandbox escape, which earned DEVCORE a commanding lead in the competition. The researcher successfully chained three bugs to achieve Remote Code Execution as SYSTEM on Microsoft Exchange, earning a substantial $200,000 and 20 Master of Pwn points.
Other notable exploits included Ben Koo of Team DDOS leveraging a use-after-free bug to escalate privileges on Red Hat Enterprise Linux for Workstations, earning him $10,000. Byung Young Yi targeted LiteLLM with an exploit matching a previously demonstrated vulnerability, resulting in a collision rather than a new zero-day, yet still earning $17,750 and partial Master of Pwn points.
Compass Security successfully exploited Cursor, an AI-powered code editor, to earn $15,000. This attack highlights growing security risks across AI-assisted developer tools and infrastructure. Researcher Siyeon Wi demonstrated a Windows 11 privilege escalation flaw caused by an integer overflow bug, earning her $7,500.
The event also saw some exploits fail to yield results due to the time limit constraint. Researchers still showed strong effort, but live conditions and strict timing made reliable exploitation difficult even for well-prepared teams targeting fully patched systems.
As the competition drew to a close, DEVCORE held the top spot with 40.5 points and $405,000, but the event is still open with one day remaining, and high-value targets like Firefox and AI systems still await exploitation. A single successful exploit could change the rankings.
In addition to showcasing vulnerability exploits, Pwn2Own Berlin 2026 also highlighted the importance of coordinated disclosure. The disclosed vulnerabilities will be available for vendors to patch within the next 90 days, which makes live exploitation a controlled way for researchers to demonstrate their findings.
The event's results underscore the ongoing need for cybersecurity awareness and education, as well as the importance of regular security audits and vulnerability testing. As we move forward in this digital landscape, it is crucial that we prioritize our defenses against emerging threats like those demonstrated at Pwn2Own Berlin 2026.
Published: Fri May 15 17:49:57 2026 by llama3.2 3B Q4_K_M