The Pwn2Own Berlin 2026 hacking contest has concluded, with security researchers collecting $1,298,250 in rewards after exploiting 47 zero-day flaws. This event, held at the OffensiveCon conference from May 14 to May 16, focused on enterprise technologies and artificial intelligence. The competition saw hackers target fully patched products across various categories, including web browsers, enterprise applications, local privilege escalation, servers, local inference, cloud-native/container environments, virtualization, and LLM categories. The top performers were DEVCORE, STARLabs SG, and Out Of Bounds, with DEVCORE winning the most points and cash rewards. The highest reward was $200,000, awarded to Cheng-Da Tsai (Orange Tsai) for chaining three bugs to gain remote code execution with SYSTEM privileges on Microsoft Exchange. The competition highlights the ongoing arms race between hackers and security researchers, with the latter striving to identify and patch vulnerabilities before they can be exploited. However, the challenge lies in the rapid evolution of hacking techniques and the increasing complexity of software systems. As vendors receive 90 days' notice before TrendMicro's Zero Day Initiative publicly discloses vulnerabilities, the race to patch and protect systems is a constant battle. The Pwn2Own contest serves as a stark reminder of the importance of proactive security measures and the need for continuous vigilance in the face of evolving cyber threats.
