Pwn2Own Berlin Uncovers 47 Zero‑Days, Awards $1.3 Million

Vendors face a 90‑day deadline to patch before full details go public.

Overview

  • Pwn2Own Berlin, which ran May 14–16 at OffensiveCon, logged 47 zero‑day flaws across enterprise and AI tools with $1,298,250 paid to researchers.
  • Taiwan’s DEVCORE won the Master of Pwn with 50.5 points and $505,000 after successful exploits against Microsoft Exchange, Edge, Windows 11, and SharePoint.
  • DEVCORE’s Cheng‑Da “Orange” Tsai earned $200,000 for remote code execution as SYSTEM on Microsoft Exchange and $175,000 for a Microsoft Edge sandbox escape.
  • STARLabs SG took home $200,000 for a VMware ESXi exploit using a memory‑corruption bug paired with a cross‑tenant code‑execution add‑on.
  • AI products were frequent targets, with payouts for LiteLLM, OpenAI Codex, and LM Studio. ZDI is beginning coordinated disclosure, and some researchers who missed contest slots report direct or public disclosures.