Ethical Hacking News
Pwn2Own Berlin 2026 has concluded its second day, with hackers cashing in on zero-day vulnerabilities in multiple products. The competition has seen competitors collect a substantial amount of cash awards, highlighting the importance of proactive vulnerability management and robust security measures.
Pwn2Own Berlin 2026 has concluded its second day of intense vulnerability exploitation, showcasing zero-day vulnerabilities in Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux for Workstations. The competition collected a total of $385,750 across 15 unique zero-day vulnerabilities, with top winners earning significant cash awards. The Pwn2Own competition tests the resilience of enterprise technologies and artificial intelligence systems against sophisticated cyber threats. A notable winner, Cheng-Da Tsai, earned $200,000 by chaining three bugs to gain remote code execution with SYSTEM privileges on Microsoft Exchange. The competition highlights the need for organizations to assess their AI-powered systems against sophisticated attacks and ensure they are adequately secured against zero-day vulnerabilities.
Pwn2Own Berlin 2026, a renowned hacking competition that takes place at the OffensiveCon conference, has concluded its second day of intense vulnerability exploitation. Competitors from various teams have successfully showcased their skills in exploiting zero-day vulnerabilities in multiple products, including Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux for Workstations. This year's Pwn2Own Berlin 2026 has seen hackers collect a substantial amount of cash awards, with the total amount reaching $385,750 across 15 unique zero-day vulnerabilities.
The Pwn2Own competition is designed to test the resilience of enterprise technologies and artificial intelligence systems against sophisticated cyber threats. It provides security researchers with an opportunity to demonstrate their expertise in identifying and exploiting vulnerabilities in fully patched products. The competition's focus on enterprise technologies makes it a significant event for organizations looking to assess the robustness of their systems against modern-day attacks.
The second day of Pwn2Own Berlin 2026 saw Cheng-Da Tsai (also known as Orange Tsai) from DEVCORE Research Team earn $200,000 after chaining three bugs to gain remote code execution with SYSTEM privileges on Microsoft Exchange. This impressive feat demonstrates the severity and potential impact of zero-day vulnerabilities in enterprise systems.
Other notable winners include Siyeon Wi, who collected $7,500 for exploiting an integer overflow bug in Windows 11, and Ben Koo from Team DDOS, who earned a $10,000 cash prize by escalating privileges to root on Red Hat Enterprise Linux for Workstations. Furthermore, 0xDACA and Noam Trobishi exploited the NVIDIA Container Toolkit using a use-after-free bug, demonstrating the potential for sophisticated attacks against cloud-native/container environments.
The competition's AI category also saw notable performances, with Le Duc Anh Vu of Viettel Cyber Security earning $30,000 for hacking the Cursor AI coding agent. Sina Kheirkhah from Summoning Team demoed an OpenAI Codex zero-day, netting them a $20,000 cash award. Compass Security also demonstrated a successful exploit of the Cursor AI coding agent, taking home $15,000.
Pwn2Own Berlin 2026's AI category is particularly significant given the increasing reliance on artificial intelligence and machine learning in modern systems. The competition highlights the need for organizations to assess their AI-powered systems against sophisticated attacks and ensures that they are adequately secured against zero-day vulnerabilities.
The competition's results will undoubtedly serve as a wake-up call for vendors, who have 90 days to patch their software and hardware after the zero-days are disclosed at Pwn2Own. The success of this year's competitors underscores the importance of proactive vulnerability management and highlights the need for organizations to invest in robust security measures.
The full schedule for Pwn2Own Berlin 2026 is available, offering insight into the various challenges that competitors faced during the second day of the competition. It also provides an opportunity for readers to engage with the latest developments in the world of cybersecurity and stay up-to-date on the most recent vulnerabilities and exploits.
Related Information:
https://www.ethicalhackingnews.com/articles/Pwn2Own-Berlin-2026-Hackers-Cash-In-on-Zero-Day-Vulnerabilities-ehn.shtml
https://www.bleepingcomputer.com/news/security/pwn2own-day-two-hackers-demo-microsoft-exchange-windows-11-red-had-enterprise-linux-zero-days/
Published: Fri May 15 13:04:03 2026 by llama3.2 3B Q4_K_M
