
Pwn2Own Day 2: Critical Zero-Days in Microsoft Exchange, Windows 11 Exploited

Marcus Rodriguez
May 16, 2026

Key Takeaways

  • Day two of Pwn2Own Berlin 2026 revealed 15 new zero-day vulnerabilities, bringing the event total to 39.
  • A critical remote code execution (RCE) chain targeting Microsoft Exchange, achieving SYSTEM privileges, was the most significant exploit, earning $200,000.
  • Windows 11 and Red Hat Enterprise Linux were successfully targeted with privilege escalation exploits.
  • AI-powered development tools like Cursor IDE, OpenAI Codex, and LM Studio also demonstrated critical vulnerabilities.
  • DEVCORE currently leads the competition with $405,000 and 40.5 Master of Pwn points.

Day two of Pwn2Own Berlin 2026 intensified the offensive security competition, unveiling a new wave of critical zero-day exploits across enterprise software, operating systems, and emerging AI tools. The event continues to highlight the expanding attack surface faced by modern organizations and the sophisticated techniques employed by top-tier researchers.

Following a robust first day, the second day of the contest added $385,750 in prize money for 15 newly discovered zero-day vulnerabilities. This brings the cumulative rewards to $908,750 for 39 unique bugs identified so far. DEVCORE maintains its dominant position on the leaderboard, largely attributed to a high-impact compromise of Microsoft Exchange.

Microsoft Exchange RCE Takes Center Stage

The most impactful exploit on day two originated from Orange Tsai of DEVCORE. Tsai successfully chained three distinct vulnerabilities to achieve remote code execution (RCE) with SYSTEM-level privileges on a Microsoft Exchange server, as detailed by Zero Day Initiative. This full-chain attack was awarded $200,000 and 20 Master of Pwn points, marking it as the highest-value exploit demonstrated at the event to date.

Exploits targeting Microsoft Exchange are particularly severe due to the server’s central role in enterprise communication infrastructure. A successful RCE grants attackers complete control over email systems, potentially facilitating corporate espionage, enabling lateral movement within a network, and leading to extensive data exfiltration. Such a breach could allow an attacker to covertly access internal communications, deploy malware, or impersonate high-ranking executives in targeted phishing campaigns.

Operating System Vulnerabilities in Windows 11 and Linux

Operating systems remained a prime target for researchers. Siyeon Wi successfully exploited an integer overflow vulnerability in Windows 11, which resulted in elevated privileges and a payout of $7,500. While this monetary reward is comparatively smaller, privilege escalation vulnerabilities are crucial as they can transform limited user access into full administrative control over a system.

On the Linux front, Ben Koo from Team DDOS demonstrated a use-after-free flaw to escalate privileges on Red Hat Enterprise Linux. This exploit underscores the persistent challenge of memory safety issues in foundational operating systems, which continue to be a source of critical vulnerabilities.

AI and Developer Tools Under Attack

This year’s Pwn2Own highlighted a notable increase in exploits targeting AI and developer-focused tools. Key compromises included:

  • Two separate teams successfully exploited vulnerabilities in Cursor IDE, an AI-assisted coding environment, confirming multiple weaknesses in such platforms.
  • The Summoning Team executed a novel exploit chain to compromise OpenAI Codex.
  • Researchers from OtterSec successfully demonstrated a code-injection attack against LM Studio.

These findings emphasize a significant trend: AI-powered development tools are becoming high-value targets for threat actors due to their inherent access to sensitive source code and integration into critical developer workflows.

Not all attempts proved successful. Exploits aimed at Apple Safari, Microsoft SharePoint, and Mozilla Firefox failed during execution, illustrating the increasing difficulty of developing reliable exploits, even when underlying vulnerabilities are present. Additionally, several entries resulted in “collision” outcomes, where researchers demonstrated valid exploits for bugs that had already been discovered by other teams. While still rewarded, these instances highlight overlapping research efforts within the cybersecurity community.

With only one day remaining, DEVCORE leads the competition with 40.5 points and $405,000 in earnings. However, the race for the “Master of Pwn” title remains competitive. As more zero-days are anticipated, affected vendors, including Microsoft, Red Hat, and various AI platform providers, face the urgent task of developing and deploying patches for these newly exposed vulnerabilities.

Pwn2Own Berlin continues to serve as a critical early warning system for defenders, showcasing how quickly multiple vulnerabilities can be chained together to create devastating exploits that could soon emerge in real-world attack scenarios.

What You Should Do

  • Monitor official vendor advisories closely for patches related to Microsoft Exchange, Windows 11, Red Hat Enterprise Linux, and any AI development tools you utilize.
  • Prioritize the immediate application of security updates once they become available.
  • Implement robust network segmentation, especially for critical servers like Microsoft Exchange, to limit lateral movement in case of a breach.
  • Employ endpoint detection and response (EDR) solutions to detect and respond to suspicious activity that could indicate privilege escalation or RCE attempts.
  • Regularly audit configurations for all critical systems and enforce the principle of least privilege for all user accounts.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.
