76 Zero-Day Vulnerabilities Exposed at Pwn2Own Automotive 2026 by Hackers - gbhackers.com
By Divya
January 23, 2026
The final day of Pwn2Own Automotive 2026 brought the world’s elite security researchers to the finish line with a spectacular display of hacking prowess.
Over three intense days of competition, researchers successfully identified and exploited 76 unique zero-day vulnerabilities across automotive systems, claiming a combined prize pool of $1,047,000 USD.
The competition crowned Tobias Scharnowski, Felix Buchmann, and Kristian Covic of Fuzzware.io as the Master of Pwn champions, earning an impressive 28 points and $215,500 USD for their sophisticated exploits targeting multiple vehicle infotainment and charging systems.
Key Vulnerability Discoveries
Zero Day Initiative researchers demonstrated a diverse range of vulnerability types throughout the competition.
Buffer overflow vulnerabilities dominated the findings, with both stack-based and heap-based overflow exploits successfully achieving arbitrary code execution.
Notably, Viettel Cyber Security exploited a heap-based buffer overflow in the Sony XAV-9500ES to gain system control, while the DDOS team demonstrated a stack-based overflow in Alpine infotainment systems.
Figure: 76 zero-day vulnerabilities exposed (source: Zero Day Initiative)
One of the most creative exploits came from Juurin Oy’s team, who compromised the Alpitronic HYC50 EV charger using a time-of-check to time-of-use (TOCTOU) race condition vulnerability.
The team earned $20,000 USD and 4 Master of Pwn points and famously installed a playable version of Doom on the compromised system to demonstrate full code execution capabilities.
The competition exposed vulnerabilities across critical automotive components, including infotainment systems from Alpine, Kenwood, and Sony; EV charging stations from Grizzl-E and Autel; and specialized automotive interfaces.
Figure: Exploiting one unique vulnerability to gain root access (source: Zero Day Initiative)
Permission assignment flaws and race conditions also emerged as significant attack vectors beyond traditional memory corruption bugs.
The 76 vulnerabilities uncovered represent critical findings that will drive security improvements across the automotive industry.
The diversity of affected manufacturers, from infotainment pioneers to EV charging specialists, highlights the widespread need for enhanced security practices in connected vehicle ecosystems.
The competition demonstrated that automotive systems remain attractive targets for sophisticated researchers, with substantial rewards incentivizing continuous security research and responsible vulnerability disclosure.
These findings will strengthen the automotive sector’s defensive posture through coordinated vulnerability management and patching initiatives.