:

WINDOWS 11, EDGE BREACHED AT PWN2OWN BERLIN

SECURITY DESK2 MIN READ
THU, MAY 14, 2026

■ AI-SUMMARIZED FROM 5 SOURCES ▸ TIMELINE

Security researchers exploited 24 zero-day vulnerabilities in Microsoft's Windows 11 and Edge browser on the first day of Pwn2Own Berlin 2026, collecting $523,000 in prize money.

The annual hacking competition saw rapid success as participants demonstrated critical flaws across Microsoft's flagship operating system and web browser. The $523,000 in awards distributed on day one reflects the severity and value of the vulnerabilities discovered. Pwn2Own Berlin 2026 brings together elite security researchers from around the world to identify and responsibly disclose zero-day exploits. The competition incentivizes researchers to find bugs before malicious actors can weaponize them, with substantial cash rewards based on vulnerability severity and complexity. The 24 zero-days found represent a significant number of previously unknown security gaps. Windows 11 and Edge remain primary targets at the event due to their widespread deployment across consumer and enterprise environments. Researchers demonstrating successful exploitation earn recognition and financial rewards while providing Microsoft with detailed technical information needed to develop patches. Microsoft typically works with competition organizers and researchers to understand each vulnerability's scope and develop fixes. The company has a history of addressing zero-days discovered at Pwn2Own events through regular security updates. Pwn2Own Berlin continues through multiple days, with additional categories covering other software and hardware platforms. Past editions have revealed vulnerabilities in browsers, operating systems, virtual machines, and IoT devices. The discovery of these vulnerabilities at a controlled event allows Microsoft and security researchers to collaborate on fixes before attackers gain access to exploit code. Participants sign agreements ensuring responsible disclosure practices and preventing the premature public release of exploit details. For enterprise users and Windows 11 adopters, the findings underline the importance of maintaining current patch levels and security practices. Microsoft's regular update cycle allows users to receive fixes for reported vulnerabilities within standard servicing timelines.

■ MORE FROM THE SECURITY DESK

A new browser fingerprinting vector has emerged in Chromium 148, where the Math.tanh function produces different results across operating systems. This discrepancy can be exploited to identify a user's underlying OS without explicit permission.

12H AGOIndustry Desk

Kaseya is hosting a webinar on strengthening MSP resilience through SaaS backups and business continuity strategies. The session focuses on how recovery capabilities prove critical when security defenses are breached.

18H AGOSecurity Desk

A new variant of RedHook Android malware abuses Wireless ADB (Android Wireless Debugging) to gain shell-level privileges without requiring a computer connection. This represents a significant escalation in the malware's capabilities.

19H AGOSecurity Desk

Fraudsters are creating convincing counterfeit news articles impersonating major publishers like the Guardian to direct social media users to bogus investment sites. The fake stories feature fabricated celebrity endorsements and financial narratives designed to establish credibility.

YESTERDAYIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.