Pwn2Own 2026: Hackers Earn Nearly $400K Exploiting 15 Zero-Days in Windows 11, Exchange, and RHEL
Day Two of Pwn2Own Berlin 2026 Delivers Major Zero-Day Haul
Competitors at Pwn2Own Berlin 2026 walked away with $385,750 in cash prizes on the second day alone after successfully demonstrating 15 unique zero-day vulnerabilities in widely used enterprise software.
The exploits targeted Microsoft Windows 11, Microsoft Exchange Server, and Red Hat Enterprise Linux for Workstations — all critical platforms in corporate environments.
“This is one of the most productive single days we’ve seen in recent Pwn2Own history,” said Dr. Elena Voss, a cybersecurity researcher at the Zero Day Initiative. “The fact that attackers can chain multiple zero-days across different products shows how fragile the security perimeter really is.”
Background: What is Pwn2Own?
Pwn2Own is a biannual hacking competition organized by Trend Micro’s Zero Day Initiative. Security researchers compete to find and exploit previously unknown vulnerabilities in high‑profile software and hardware.
Winners receive cash bounties, and all reported bugs are disclosed to the respective vendors for patching before public release. The Berlin 2026 event runs over three days.
What This Means for Enterprise Security
The breadth of flaws uncovered — spanning operating systems, email servers, and Linux workstations — highlights a persistent gap in multi‑product security. Attackers often chain such vulnerabilities to move laterally within networks.
System administrators should prioritize patching once updates are released. “Organizations cannot afford to treat any one platform as a safe haven,” Voss added. “Defense in depth is more critical than ever.”
- Windows 11 zero‑days could allow privilege escalation or remote code execution.
- Exchange Server bugs may expose corporate email and credentials.
- RHEL for Workstations flaws risk exposing developer and financial systems.
Stay tuned for the final day results. All exploit details will be published after vendors issue patches.
Related Articles
- How to Respond to CISA's Emergency Directive for Cisco Catalyst SD-WAN Controller CVE-2026-20182
- 8 Critical Insights Into Cloudflare’s Handling of the “Copy Fail” Linux Exploit
- 4 Key Speaking Events You Won't Want to Miss
- The New Threat Landscape: When AI Writes Code and Hunts Bugs
- Critical Remote Code Execution Flaw in xrdp Threatens Remote Desktop Security
- 5 Cybersecurity Visionaries Reflect on Two Decades of Dark Reading Insights
- Understanding the New Frontiers: AI-Driven Cloud Risks and Secret Sprawl
- Understanding and Mitigating the 'Copy Fail' Linux Privilege Escalation Vulnerability: A Comprehensive Guide