Day two of Pwn2Own Berlin 2026 saw hackers unleash devastating attacks on enterprise software and AI tools, adding $385,750 in bug bounties to bring the total to $908,750.
Orange Tsai from DEVCORE stole the show with a brutal Microsoft Exchange exploit, chaining three vulnerabilities to achieve remote code execution with SYSTEM privileges. The attack earned $200,000 and highlights Exchange's role as a critical enterprise target.
Security researchers also compromised Windows 11 through an integer overflow bug and hit multiple AI coding platforms including Cursor IDE and OpenAI Codex. These AI tools are becoming prime targets due to their access to source code and developer workflows.
DEVCORE leads the competition with $405,000 in winnings, but the final day promises more zero-day discoveries as vendors scramble to patch newly exposed vulnerabilities.
Source: Cyber Security News