Ethical Hacking News
Security researchers at Pwn2Own Berlin 2026 collected $523,000 in cash awards after exploiting 24 unique zero-days. The competition highlighted the ongoing threat of zero-day attacks in today's software landscape.
Pwn2Own Berlin 2026 was a hacking contest that focused on enterprise technologies and artificial intelligence. The competition saw competitors collect $523,000 in cash awards after exploiting 24 unique zero-days. Microsoft Edge and Windows 11 were among the targets of security researchers at Pwn2Own Berlin 2026. Winners included Orange Tsai, Valentina Palmiotti, k3vg3n, Satoki Tsuji, haehae, Compass Security, maitai of Doyensec, and STARLabs SG. The competition will take place from May 14 to May 16 at the OffensiveCon conference and focus on exploiting zero-days in various software products. Security researchers can earn over $1 million in cash and prizes for targeting fully patched products.
Microsoft Edge and Windows 11 were among the targets of security researchers at Pwn2Own Berlin 2026, a hacking contest that focuses on enterprise technologies and artificial intelligence. On May 14, 2026, competitors at the event collected $523,000 in cash awards after exploiting 24 unique zero-days.
The first day of the competition saw Orange Tsai successfully chain four logic bugs to achieve a sandbox escape on Microsoft Edge, earning her $175,000 in rewards. Windows 11 was also hacked three times by different researchers, each earning $30,000 for demonstrating new privilege escalation zero-days. Valentina Palmiotti, a researcher at IBM X-Force Offensive Research (XOR), collected $20,000 after rooting Red Hat Linux for Workstations and another $50,000 for a zero-day in the NVIDIA Container Toolkit.
Other successful attempts included k3vg3n chaining three bugs to take down LiteLLM, earning him $40,000; Satoki Tsuji and haehae exploiting NVIDIA Megatron Bridge zero-days, each earning $20,000; Compass Security and maitai of Doyensec hacking OpenAI's Codex coding agent, both earning $40,000; haehae dropping a Chroma zero-day, earning him $20,000; and STARLabs SG earning an LM Studio zero-day for $40,000.
The DEVCORE Research Team is currently leading the competition with $205,000, followed by Valentina Palmiotti with $70,000. The Pwn2Own Berlin 2026 hacking contest will take place at the OffensiveCon conference from May 14 to May 16 and will focus on exploiting zero-days in Microsoft SharePoint, Microsoft Exchange, Windows 11, Apple Safari, Cursor, Red Hat Enterprise Linux for Workstations, LM Studio, OpenAI Codex, LiteLLM, Anthropic Claude Code, and Mozilla Firefox.
Security researchers targeting fully patched products in the web browser, virtualization, local privilege escalation, servers, enterprise applications, cloud-native/container, local inference, and LLM categories can earn over $1 million in cash and prizes. According to Pwn2Own's rules, all targeted devices run the latest operating system versions, and all entries must compromise the target and demonstrate arbitrary code execution.
After the zero-day flaws are disclosed during the Pwn2Own competition, vendors have 90 days to release security fixes for their software and hardware products. Last year, TrendMicro's Zero Day Initiative awarded $1,078,750 for 29 zero-day vulnerabilities and some bug collisions.
The recent exploits demonstrated by security researchers at Pwn2Own Berlin 2026 highlight the ongoing threat of zero-day attacks in today's software landscape. As vendors continue to prioritize patching and updating their products, it is essential for individuals and organizations to stay vigilant and keep their systems up-to-date with the latest security patches.
Related Information:
https://www.ethicalhackingnews.com/articles/Pwn2Own-Berlin-2026-Security-Researchers-Collect-523000-in-Cash-Awards-After-Exploiting-24-Unique-Zero-Days-ehn.shtml
https://www.bleepingcomputer.com/news/security/windows-11-and-microsoft-edge-hacked-on-first-day-of-pwn2own-berlin-2026/
Published: Thu May 14 15:43:03 2026 by llama3.2 3B Q4_K_M
