PWNTOGETHER: $385K IN BOUNTIES FOR 15 ZERO-DAYS
DEV DESK■ 2 MIN READ
SAT, MAY 16, 2026■ AI-SUMMARIZED FROM 5 SOURCES ▸ TIMELINE
Security researchers claimed nearly $386,000 in prize money on day two of Pwn2Own Berlin 2026 after discovering 15 previously unknown vulnerabilities across Windows 11, Red Hat Enterprise Linux, and other major platforms.
The second day of the annual hacking competition saw competitors successfully exploit critical zero-day flaws in enterprise and consumer software, demonstrating significant security gaps in widely-used systems.
The $385,750 in bounties reflects the severity and exploitability of the vulnerabilities discovered. Pwn2Own Berlin serves as a controlled environment where ethical hackers demonstrate security flaws to vendors before public disclosure, allowing companies time to develop and release patches.
Windows 11 and Red Hat Enterprise Linux dominated the vulnerability disclosures, two of the most critical operating systems in use across consumer, corporate, and government environments. The breadth of affected platforms underscores the ongoing challenge of securing complex software ecosystems.
Pwn2Own competitions typically attract top security researchers worldwide who compete for substantial cash prizes and recognition. The event structure incentivizes responsible disclosure—researchers report vulnerabilities to organizers and vendors rather than exploiting them maliciously.
Vulnerabilities discovered at Pwn2Own are reported to affected vendors through a coordinated disclosure process. Companies receive details of the flaws and are given time to develop patches before information becomes public, typically at security conferences or through vendor advisories.
The competition highlights the value security researchers place on finding zero-days and the financial incentive structures that support responsible vulnerability research. By offering significant bounties, events like Pwn2Own redirect potential exploit development away from black markets and toward legitimate security improvement.
Full results from Pwn2Own Berlin 2026 will likely provide detailed technical information about the discovered vulnerabilities, vendor responses, and potential patches. Security teams should monitor official channels from Microsoft and Red Hat for updates addressing flaws uncovered during the competition.
■ MORE FROM THE SECURITY DESK
Cybercriminals have transformed DDoS attacks into a polished, commercialized service complete with pricing tiers, customer support, and reseller programs. The DDoS-as-a-Service market has evolved from basic tools into sophisticated attack platforms.
11H AGO— Industry Desk
Microsoft faced backlash after threatening a security researcher with criminal investigation, reigniting debate over software vulnerability disclosure practices and corporate responsibility.
11H AGO— Security Desk
Google is deploying Device Bound Session Credentials (DBSC) to all Chrome users, a security feature designed to prevent account takeovers by protecting session cookies from theft.
11H AGO— Industry Desk
Dutch authorities have dismantled a major botnet comprising 17 million infected devices and seized over 200 servers hosting the operation at a local provider.
11H AGO— Security Desk