WINDOWS 11, EDGE BREACHED AT PWN2OWN BERLIN
SECURITY DESK
THU, MAY 14, 2026 ■ AI-SUMMARIZED FROM 5 SOURCES
Security researchers exploited 24 zero-day vulnerabilities in Microsoft's Windows 11 and Edge browser on the first day of Pwn2Own Berlin 2026, collecting $523,000 in prize money.
The annual hacking competition saw rapid success as participants demonstrated critical flaws across Microsoft's flagship operating system and web browser. The $523,000 in awards distributed on day one reflects the severity and value of the vulnerabilities discovered.
Pwn2Own Berlin 2026 brings together elite security researchers from around the world to identify and responsibly disclose zero-day exploits. The competition incentivizes researchers to find bugs before malicious actors can weaponize them, with substantial cash rewards based on vulnerability severity and complexity.
The 24 zero-days found represent a significant number of previously unknown security gaps. Windows 11 and Edge remain primary targets at the event due to their widespread deployment across consumer and enterprise environments. Researchers demonstrating successful exploitation earn recognition and financial rewards while providing Microsoft with detailed technical information needed to develop patches.
Microsoft typically works with competition organizers and researchers to understand each vulnerability's scope and develop fixes. The company has a history of addressing zero-days discovered at Pwn2Own events through regular security updates.
Pwn2Own Berlin continues through multiple days, with additional categories covering other software and hardware platforms. Past editions have revealed vulnerabilities in browsers, operating systems, virtual machines, and IoT devices.
The discovery of these vulnerabilities at a controlled event allows Microsoft and security researchers to collaborate on fixes before attackers gain access to exploit code. Participants sign agreements ensuring responsible disclosure practices and preventing the premature public release of exploit details.
For enterprise users and Windows 11 adopters, the findings underline the importance of maintaining current patch levels and security practices. Microsoft's regular update cycle allows users to receive fixes for reported vulnerabilities within standard servicing timelines.