Ethical hackers exploit zero-day vulnerabilities for popular operating systems, browsers, VMs and AI frameworks

Security researchers showed 28 zero-day loopholes in the PWN2OWN competition in Berlin, which ended on Saturday. The flaws allowed ethical hackers to improve software products used across most enterprises including Microsoft Windows 11, Red Hat Linux for Workstations, Mozilla Firefox, VMware ESXi, VMware Workstation, Oracle VirtualBox, Microsoft SharePoint, Docker, Redis, Chroma, NVIDIA Triton Inference Server and NVIDIA Container Toolkit.

For the past 18 years, the PWN2OWN competition has been held annually at security conferences. It is organized by Trend Micro’s Zero Day Program (ZDI), a vulnerability bounty program through which researchers can report vulnerability to suppliers and receive reported compensation. ZDI uses the advance knowledge of these flaws to set protection rules for Trend Micro’s customers.

The participating team of researchers collected points and monetary rewards to successfully demonstrate their utilization of the announced goals. The match paid a total of $1,078,750, of which $320,000 will be awarded Singapore’s Cybersecurity Consultancy company Star Labs SG.