Microsoft Trade, Home windows 11 hacked on 2nd day of Pwn2Own

​Right through the second one day of Pwn2Own Berlin 2026, competition amassed $385,750 in money awards after exploiting 15 distinctive zero-day vulnerabilities in more than one merchandise, together with Home windows 11, Microsoft Trade, and Crimson Hat Endeavor Linux for Workstations.

The Pwn2Own Berlin 2026 hacking festival takes position on the OffensiveCon convention from Would possibly 14 to Would possibly 16 and specializes in undertaking applied sciences and synthetic intelligence.

Safety researchers can earn over $a million in money and prizes via hacking absolutely patched merchandise within the internet browser, undertaking packages, cloud-native/container environments, virtualization, native privilege escalation, servers, native inference, and LLM classes.

In step with Pwn2Own’s regulations, all centered units run the most recent running device variations, and all entries will have to compromise the objective and show arbitrary code execution. Distributors have 90 days to patch their tool and {hardware} after the zero-days are disclosed at Pwn2Own.

The spotlight of the second one day used to be Cheng-Da Tsai (sometimes called Orange Tsai) of DEVCORE Analysis Workforce incomes $200,000 after chaining 3 insects to achieve far flung code execution with SYSTEM privileges on Microsoft Trade.

Siyeon Wi additionally amassed $7,500 after exploiting an integer overflow malicious program to hack Home windows 11, and Ben Koo of Workforce DDOS escalated privileges to root on Crimson Hat Endeavor Linux for Workstations to earn a $10,000 money prize, whilst 0xDACA and Noam Trobishi used a use-after-free malicious program to take advantage of the NVIDIA Container Toolkit.

Within the AI class, Le Duc Anh Vu of Viettel Cyber Safety hacked the Cursor AI coding agent for $30,000, Sina Kheirkhah of Summoning Workforce demoed an OpenAI Codex zero-day ($20,000), and Compass Safety exploited Cursor ($15,000).

At the first day, Orange Tsai earned some other $175,000 after chaining 4 common sense insects for a Microsoft Edge sandbox get away, whilst Valentina Palmiotti (chompie) of IBM X-Drive Offensive Analysis amassed $20,000 for rooting Crimson Hat Linux for Workstations and $50,000 for an NVIDIA Container Toolkit zero-day.

Home windows 11 used to be additionally hacked thrice on day one via Angelboy and TwinkleStar03 (operating with the DEVCORE Internship Program), Kentaro Kawane of GMO Cybersecurity, and Marcin Wiązowski, each and every incomes $30,000 in money rewards for demonstrating new privilege-escalation zero-days.

At the 3rd day of Pwn2Own, the hackers will goal Microsoft Home windows 11, VMware ESXi, Crimson Hat Endeavor Linux, Microsoft SharePoint, and a number of other AI coding brokers.

The overall time table for the second one day and the effects for each and every problem are to be had right here, whilst the entire time table for Pwn2Own Berlin 2026 is to be had right here.

Right through remaining yr’s Pwn2Own Berlin contest, TrendMicro’s 0 Day Initiative awarded 1,078,750 for 29 zero-day flaws and a few malicious program collisions.