Security researchers showcased 28 zero-day vulnerabilities at the Pwn2Own contest held during the OffensiveCon conference in Berlin that ended on Saturday. The flaws allowed ethical hackers to compromise software products used across most enterprises, including Microsoft Windows 11, Red Hat Linux for Workstations, Mozilla Firefox, VMware ESXi, VMware Workstation, Oracle VirtualBox, Microsoft SharePoint, Docker, Redis, Chroma, NVIDIA Triton Inference Server and NVIDIA Container Toolkit.
The Pwn2Own contest has been running annually at security conferences for the past 18 years. It is organized by Trend Micro’s Zero Day Initiative (ZDI), a bug bounty program through which researchers can report vulnerabilities to vendors and get paid for reporting them. ZDI uses the advance knowledge of these flaws to develop protection rules for Trend Micro’s customers.
Participating teams of researchers gathered points and monetary rewards for successful attempts at showcasing their exploits against the announced targets. In total, the contest paid out $1,078,750, with $320,000 going to the first-place finisher, Singapore-based cybersecurity consultancy firm STAR Labs SG.