CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership May 16, 2026

Microsoft Exchange, Windows 11, and Cursor Zero-Days Exploited on Pwn2Own Day 2

Cybersecurity News Archived May 16, 2026 ✓ Full text saved

Pwn2Own Berlin 2026 is rapidly escalating into one of the most intense offensive security contests in recent years, with Day Two delivering a fresh wave of critical zero-day exploits targeting enterprise software, AI tools, and operating systems. Security researchers demonstrated real-world attack scenarios against high-value targets, including Microsoft Exchange, Windows 11, and AI coding platforms, […] The post Microsoft Exchange, Windows 11, and Cursor Zero-Days Exploited on Pwn2Own Day 2 app

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security News Microsoft Exchange, Windows 11, and Cursor Zero-Days Exploited on Pwn2Own Day 2 By Dhivya May 16, 2026 Pwn2Own Berlin 2026 is rapidly escalating into one of the most intense offensive security contests in recent years, with Day Two delivering a fresh wave of critical zero-day exploits targeting enterprise software, AI tools, and operating systems. Security researchers demonstrated real-world attack scenarios against high-value targets, including Microsoft Exchange, Windows 11, and AI coding platforms, highlighting the growing attack surface in modern environments. Following a strong opening day, the second day added $385,750 in rewards for 15 new zero-day vulnerabilities, pushing the total to $908,750 and 39 unique bugs discovered so far. DEVCORE continues to dominate the leaderboard, largely due to a high-impact Microsoft Exchange compromise. Microsoft Exchange RCE Steals the Spotlight The most significant exploit of the day came from Orange Tsai of DEVCORE, who chained three vulnerabilities to achieve remote code execution (RCE) with SYSTEM privileges on Microsoft Exchange, as reported by Zero Day Initiative. Microsoft Exchange Exploited (Source: Zero Day Initiative) This full-chain attack earned $200,000 and 20 Master of Pwn points, making it the highest-value exploit of the event so far. This type of attack is particularly dangerous because Exchange servers often sit at the core of enterprise communication. A successful RCE allows attackers to control email infrastructure fully, potentially enabling espionage, lateral movement, and data exfiltration. For example, in a real-world scenario, an attacker exploiting Exchange could silently access internal emails, deploy malware, or impersonate executives in phishing campaigns. Windows 11 and Linux Privilege Escalations Operating systems were also heavily targeted. Siyeon Wi successfully exploited an integer overflow vulnerability in Windows 11, gaining elevated privileges and earning $7,500. Windows 11 Exploited (Source: Zero Day Initative) While smaller in payout, such bugs are critical because they can turn limited access into full system control. On the Linux side, Ben Koo of Team DDOS exploited a use-after-free flaw to escalate privileges on Red Hat Enterprise Linux, reinforcing the fact that memory safety issues continue to plague core systems. Linux exploited (Source: Zero Day Initative) AI and developer-focused tools emerged as major targets this year. Notably: Cursor IDE was successfully exploited twice by different teams, confirming multiple vulnerabilities in AI-assisted coding environments. OpenAI Codex was compromised by the Summoning Team using a novel exploit chain. LM Studio was the victim of a code-injection attack by OtterSec researchers. These findings underline a key trend: AI-powered development tools are becoming high-value targets due to their access to source code and developer workflows. Not all attempts were successful. Exploits targeting Apple Safari, Microsoft SharePoint, and Mozilla Firefox failed during execution, showing the increasing difficulty of reliable exploitation even when vulnerabilities are known. Meanwhile, several entries resulted in “collision” outcomes, where researchers demonstrated valid exploits using previously discovered bugs. While still rewarded, these highlight overlapping research efforts within the security community. With one day remaining, DEVCORE leads with 40.5 points and $405,000, but the race for “Master of Pwn” is still open. As more zero-days are expected, vendors, including Microsoft, Red Hat, and AI platform providers, will race to patch newly exposed vulnerabilities. Pwn2Own Berlin continues to demonstrate how quickly attackers can chain multiple bugs into devastating exploits, offering defenders a critical early warning of what could soon appear in the wild. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Linux Microsoft Copy URL Linkedin Twitter ReddIt Telegram Dhivyahttps://cybersecuritynews.com/ Divya is a Senior Journalist at Cyber Security news covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world. Trending News TrickMo Android Banking Malware Targets Banking, Wallet, and Authenticator Apps Popular Go Library fsnotify Raises Supply Chain Alarms After Maintainer Access Changes Amazon Redshift JDBC Driver Vulnerabilities Enables Remote Code Execution Attacks Cisco Catalyst SD-WAN Controller 0-Day Actively Exploited to Gain Admin Access Android 16 VPN Bypass Lets Malicious Apps Reveal Users Real IP Address Latest News Cyber Security News Malicious JPEG Images Could Trigger PHP Memory Safety Vulnerabilities Cyber Security News Critical Linux Kernel Flaw ‘ssh-keysign-pwn’ Exposes SSH Keys and Shadow Passwords Cyber Security News Google Project Zero Discloses Zero-Click Exploit Chain for Pixel 10 Devices Android Android 16 VPN Bypass Lets Malicious Apps Reveal Users Real IP Address Cyber Security News Gunra Ransomware Expands RaaS Operations After Shifting From Conti-Based Locker
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    May 16, 2026
    Archived
    May 16, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗