// #vulnerability-research
4 articles
Pwn2Own Berlin 2026 Closes: DEVCORE Wins Master of Pwn with $505K and 50.5 Points — $1.3M Total Across 47 Zero-Days
Pwn2Own Berlin 2026 concluded with DEVCORE Research Team winning the Master of Pwn title with $505,000 in earnings and 50.5 points, driven by Orange Tsai's Exchange SYSTEM RCE chain and consistent results across multiple targets. The three-day competition produced 47 unique zero-day vulnerabilities across enterprise products, cloud infrastructure, and AI tools, with $1,298,250 in total prize money awarded.
Pwn2Own Berlin 2026 Day 2: DEVCORE Chains Three Bugs for Exchange SYSTEM RCE — 15 Zero-Days and $385K Awarded
The second day of Pwn2Own Berlin saw DEVCORE's Orange Tsai chain three previously unknown vulnerabilities to achieve SYSTEM-level remote code execution on fully patched Microsoft Exchange Server, earning $200,000. Day 2 also featured Red Hat Enterprise Linux LPE, additional Windows 11 privilege escalation, and LM Studio AI exploitation across 15 unique zero-days.
Pwn2Own Berlin 2026 Day 1: Windows 11 Hacked Three Times, Edge Sandbox Escaped for $175K — 24 Zero-Days Demonstrated
The first day of Pwn2Own Berlin 2026 saw researchers demonstrate 24 previously unknown vulnerabilities across Windows 11, Microsoft Edge, VMware Workstation, and Oracle VirtualBox. Windows 11 was compromised three separate times by different teams, and a full Microsoft Edge sandbox escape earned a $175,000 award. No CVE IDs have been assigned yet as vendors begin the 90-day remediation process.
Anthropic's Claude Mythos AI Discovers Thousands of Zero-Days Across Every Major OS — Project Glasswing Offers Private Access
Anthropic's specialised vulnerability-hunting AI, Claude Mythos, has systematically discovered thousands of zero-day vulnerabilities across Windows, macOS, Linux, and major browsers — including a 17-year-old NFS RCE in FreeBSD and a 27-year-old OpenBSD denial-of-service. Project Glasswing provides private early access to Microsoft, Google, Apple, and select others. The implications for enterprise risk governance are immediate.
Commentary tagged #vulnerability-research
2026's Linux Kernel LPE Cluster Is Not Bad Luck — It Is a Research Dividend
Four significant Linux kernel local privilege escalation vulnerabilities in three months is a pattern worth examining. The kernel is not suddenly getting worse. Security research intensity is increasing, and the backlog of unaudited kernel subsystems is being worked through.
CipherWatch Editorial
Security Intelligence Platform
Two PAN-OS GlobalProtect Authentication Bypasses in Three Months Is a Pattern, Not a Coincidence
CVE-2026-0257, a second actively exploited Palo Alto Networks GlobalProtect authentication bypass in the same three-month window as CVE-2026-0300, is not bad luck. It reflects the structural dynamics of high-value attack surface concentration: when enterprise VPN infrastructure is widely deployed, highly privileged, and technically complex, it attracts sustained, focused research from both legitimate researchers and threat actors.
CipherWatch Editorial
Security Intelligence Platform
Pwn2Own Proves the Software Is Breakable. Enterprise Patching Pretends It Isn't.
Pwn2Own Berlin Day 1 saw Windows 11 compromised three separate times, Edge's sandbox escaped, and two hypervisors defeated. Vendors will patch the reported bugs within 90 days. The enterprise response to Pwn2Own results is almost universally: nothing. We treat demonstrated zero-days as vendor problems until they become CVEs, and we treat CVEs as patch management problems until they become incidents.
CipherWatch Editorial
Security Intelligence Platform