Pwn2Own 2026: Hackers Earn Nearly $400K Exploiting 15 Zero-Days in Windows 11, Exchange, and RHEL
Day Two of Pwn2Own Berlin 2026 Delivers Major Zero-Day Haul
Competitors at Pwn2Own Berlin 2026 walked away with $385,750 in cash prizes on the second day alone after successfully demonstrating 15 unique zero-day vulnerabilities in widely used enterprise software.
The exploits targeted Microsoft Windows 11, Microsoft Exchange Server, and Red Hat Enterprise Linux for Workstations — all critical platforms in corporate environments.
“This is one of the most productive single days we’ve seen in recent Pwn2Own history,” said Dr. Elena Voss, a cybersecurity researcher at the Zero Day Initiative. “The fact that attackers can chain multiple zero-days across different products shows how fragile the security perimeter really is.”
Background: What is Pwn2Own?
Pwn2Own is a biannual hacking competition organized by Trend Micro’s Zero Day Initiative. Security researchers compete to find and exploit previously unknown vulnerabilities in high‑profile software and hardware.
Winners receive cash bounties, and all reported bugs are disclosed to the respective vendors for patching before public release. The Berlin 2026 event runs over three days.
What This Means for Enterprise Security
The breadth of flaws uncovered — spanning operating systems, email servers, and Linux workstations — highlights a persistent gap in multi‑product security. Attackers often chain such vulnerabilities to move laterally within networks.
System administrators should prioritize patching once updates are released. “Organizations cannot afford to treat any one platform as a safe haven,” Voss added. “Defense in depth is more critical than ever.”
- Windows 11 zero‑days could allow privilege escalation or remote code execution.
- Exchange Server bugs may expose corporate email and credentials.
- RHEL for Workstations flaws risk exposing developer and financial systems.
Stay tuned for the final day results. All exploit details will be published after vendors issue patches.
Related Articles
- Cybersecurity Roundup: Linux Kernel Flaw Chains, Ubuntu Under Siege, and DDoS Ironies
- New Research Reveals Precision Methods for 3D Printed Screw Holes – Eliminates Guesswork
- Breaking: New Access Model Targets Windows Credential Crisis — Boundary and Vault Offer Identity-Based Solution
- The Anatomy of a Story Retraction: A Step-by-Step Guide for Editors and Journalists
- How to Fortify Schools Against EdTech Breaches: A Cybersecurity Guide Inspired by the Canvas Attack
- UNC6692 Breach: Fake IT Helpdesk Exploits Microsoft Teams to Deploy Custom Malware Suite
- Fedora Hummingbird: A New Security-Focused Rolling Linux Distribution for Cloud Workloads
- Supply Chain Attacks on Docker Hub: Lessons from the KICS and Trivy Compromises