Day one of Pwn2Own Berlin 2026 paid out $523,000 across 24 working zero-days. Microsoft Edge, Windows 11, and a stack of AI tools all fell to working exploits. Researcher Orange Tsai chained four logic bugs into a Microsoft Edge sandbox escape for a $175,000 bounty — the single largest payout of day one. Three separate Windows 11 privilege escalations followed, each demonstrating local admin access on a fully patched system. Pwn2Own's AI category, introduced at Berlin 2025 and expanded this year to four subcategories — AI databases, coding agents, local inference, and NVIDIA tooling — also took heavy losses on day one. LiteLLM, OpenAI Codex, LM Studio, the Chroma database, and NVIDIA's Megatron Bridge all fell to working exploits, with bug categories including code injection, broken access controls, and path traversal — textbook web-app weaknesses showing up in AI infrastructure that hasn't seen the same scrutiny yet. Trend Micro's Zero Day Initiative coordinates disclosure with the affected vendors, who have 90 days to ship patches before technical details go public. Sources: https://www.bleepingcomputer.com/news/security/windows-11-and-microsoft-edge-hacked-on-first-day-of-pwn2own-berlin-2026/ https://www.thezdi.com/blog/2026/5/13/pwn2own-berlin-2026-day-one-results More on cybersecurity, privacy, scams, and homelab on Hake Hardware. New shorts every weekday. #cybersecurity #pwn2own #zeroday

New VS Code Zero-Day Steals GitHub Tokens in One Click
1.5K views

Microsoft Backs Down on Threats Against Zero-Day Researcher
6.4K views

CIFSwitch Linux Kernel Bug: Any Logged-In User Gets Root
2.3K views

BusPatrol Wants 40,000 School Buses to Be Police Plate Trackers
4.2K views

How the Mirai Trio Avoided Prison (Part 6 of 6)
1.7K views

How the FBI Tracked Down the Mirai Trio (Part 5 of 6)
1.6K views