Hackers successfully exploited 15 zero-day vulnerabilities in various products, including Windows 11 and Microsoft Exchange, on the second day of Pwn2Own Berlin 2026, earning $385,750 in cash awards. The demonstrations showcased the ability to compromise these systems, highlighting the need for immediate patching. Specifically, the exploits targeted Windows 11 and Microsoft Exchange, as well as Red Hat Enterprise Linux for Workstations1. The vulnerabilities allowed hackers to gain unauthorized access, underscoring the importance of prompt vulnerability management. As a result, the window for patching these vulnerabilities is rapidly shrinking, making it crucial for organizations to assess their exposure and take swift action to mitigate potential attacks. The fact that zero-day vulnerabilities were discovered in widely used products like Microsoft Exchange and Windows 11 means that practitioners must prioritize patching to prevent exploitation, as the timeline for applying fixes is already constrained.
Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own
⚠️ Critical Alert
Why This Matters
Zero-day activity targeting Microsoft means patching windows are already closing — assess your exposure immediately.
References
- BleepingComputer. (2026, May 15). Pwn2Own day two: Hackers demo Microsoft Exchange, Windows 11, Red Hat Enterprise Linux zero-days. *BleepingComputer*. https://www.bleepingcomputer.com/news/security/pwn2own-day-two-hackers-demo-microsoft-exchange-windows-11-red-had-enterprise-linux-zero-days/
Original Source
BleepingComputer
Read original →