The Pwn2Own Berlin 2026 hacking contest has kicked off with a bang, showcasing the vulnerabilities of major tech giants like Microsoft, Apple, and NVIDIA. The event, which runs from May 14 to May 16 at the OffensiveCon conference, is a testament to the ever-evolving landscape of cybersecurity. With a focus on enterprise technologies and artificial intelligence, the contest offers a unique platform for security researchers to test the limits of their skills and expose potential weaknesses in popular software and hardware.
One of the most notable achievements on the first day was Orange Tsai's successful attempt to hack Microsoft Edge. Tsai's exploit involved chaining four logic bugs to achieve a sandbox escape, earning him a substantial $175,000 in rewards. This highlights the importance of secure coding practices and the need for continuous updates and patches to address emerging vulnerabilities.
Windows 11 also faced multiple successful hacks, with Angelboy, TwinkleStar03, Marcin Wiązowski, and Kentaro Kawane each demonstrating new privilege escalation zero-days. These exploits earned them $30,000 in cash rewards, underscoring the critical nature of these vulnerabilities and the need for proactive measures to protect against them.
Valentina Palmiotti, from IBM X-Force Offensive Research (XOR), also made significant strides, rooting Red Hat Linux for Workstations and exploiting a zero-day in the NVIDIA Container Toolkit. These achievements demonstrate the diverse range of targets and the potential impact of successful exploits.
The DEVCORE Research Team currently leads the competition with $205,000, followed by Valentina Palmiotti with $70,000. The contest continues on the second day, with competitors targeting zero-days in Microsoft SharePoint, Microsoft Exchange, Windows 11, Apple Safari, Cursor, Red Hat Enterprise Linux for Workstations, LM Studio, OpenAI Codex, LiteLLM, Anthropic Claude Code, and Mozilla Firefox.
The Pwn2Own Berlin 2026 contest serves as a stark reminder of the ongoing battle between hackers and software vendors. While the event provides a platform for researchers to test their skills and expose vulnerabilities, it also underscores the importance of proactive security measures and continuous updates to protect against emerging threats. As AI and other advanced technologies continue to evolve, the need for robust cybersecurity practices will only become more critical.
In my opinion, the Pwn2Own Berlin 2026 contest is a fascinating insight into the world of cybersecurity. It highlights the importance of secure coding practices, the need for continuous updates and patches, and the ongoing battle between hackers and software vendors. As a security researcher, I find it particularly interesting to see how new vulnerabilities are discovered and exploited, and how vendors respond to these threats. The contest also serves as a reminder of the critical role that security researchers play in protecting our digital world.
