:

PWNTOGETHER: $385K IN BOUNTIES FOR 15 ZERO-DAYS

DEV DESK2 MIN READ
SAT, MAY 16, 2026

■ AI-SUMMARIZED FROM 5 SOURCES ▸ TIMELINE

Security researchers claimed nearly $386,000 in prize money on day two of Pwn2Own Berlin 2026 after discovering 15 previously unknown vulnerabilities across Windows 11, Red Hat Enterprise Linux, and other major platforms.

The second day of the annual hacking competition saw competitors successfully exploit critical zero-day flaws in enterprise and consumer software, demonstrating significant security gaps in widely-used systems. The $385,750 in bounties reflects the severity and exploitability of the vulnerabilities discovered. Pwn2Own Berlin serves as a controlled environment where ethical hackers demonstrate security flaws to vendors before public disclosure, allowing companies time to develop and release patches. Windows 11 and Red Hat Enterprise Linux dominated the vulnerability disclosures, two of the most critical operating systems in use across consumer, corporate, and government environments. The breadth of affected platforms underscores the ongoing challenge of securing complex software ecosystems. Pwn2Own competitions typically attract top security researchers worldwide who compete for substantial cash prizes and recognition. The event structure incentivizes responsible disclosure—researchers report vulnerabilities to organizers and vendors rather than exploiting them maliciously. Vulnerabilities discovered at Pwn2Own are reported to affected vendors through a coordinated disclosure process. Companies receive details of the flaws and are given time to develop patches before information becomes public, typically at security conferences or through vendor advisories. The competition highlights the value security researchers place on finding zero-days and the financial incentive structures that support responsible vulnerability research. By offering significant bounties, events like Pwn2Own redirect potential exploit development away from black markets and toward legitimate security improvement. Full results from Pwn2Own Berlin 2026 will likely provide detailed technical information about the discovered vulnerabilities, vendor responses, and potential patches. Security teams should monitor official channels from Microsoft and Red Hat for updates addressing flaws uncovered during the competition.

■ SOURCES

TechmemeTechmemeTechmemeTechmemeTechmeme

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two individuals and one entity for enabling ransomware attacks against American organizations. The action targets infrastructure providers facilitating cyber threats.

2H AGOSecurity Desk

As scam calls and messages proliferate, ordinary people are turning the tables on fraudsters through scambaiting—deliberately engaging scammers to waste their time and resources.

5H AGOIndustry Desk

Security researchers have identified a defensive technique called "context bombing" that uses prompt injections to trigger an attacker's own AI guardrails, reducing the success rate of AI-based hacking attempts by approximately 90%.

5H AGOAI Desk

The Los Angeles Police Department has declined to renew its contract with Flock Safety, citing data privacy concerns. The decision marks a shift in the department's approach to automated license plate reader technology.

11H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.