Security researchers discovered 47 zero-day vulnerabilities across major enterprise platforms during the Pwn2Own Berlin 2026 hacking competition, exposing critical flaws in Windows, Linux, VMware, and NVIDIA systems. The three-day event distributed $1,298,250 in rewards as teams successfully exploited previously unknown security weaknesses in widely deployed software including Microsoft SharePoint, Exchange, Edge browser, and Windows 11.
DEVCORE dominated the competition, claiming 50.5 Master of Pwn points and $505,000 after demonstrating exploits across multiple Microsoft products. STARLabs SG and Out Of Bounds secured second and third positions with $242,500 and $95,750, respectively. The vulnerabilities represent significant exposure for organizations relying on these platforms for critical operations.
Government Response to AI and Communication Security
The U.K. National Cyber Security Centre issued new guidance warning organizations about security risks from agentic artificial intelligence deployments. The agency emphasized that over-privileged or poorly designed AI agents can rapidly escalate single failures into serious security incidents, urging careful evaluation before implementation.
Separately, Poland directed government officials to abandon Signal messaging in favor of mSzyfr, a domestically developed encrypted messenger, citing increased social engineering attacks from advanced persistent threat groups targeting trusted communication platforms.
Key Takeaway
The Pwn2Own results underscore persistent vulnerabilities in enterprise infrastructure that attackers can exploit. Organizations should prioritize patching these disclosed zero-days immediately while reassessing their AI agent privileges and communication security protocols. The shift in attack methodology toward exploiting trusted components rather than traditional break-ins demands updated security frameworks focused on supply chain integrity and privilege management rather than perimeter defense alone.
Article Source: ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories










