Pwn2Own Berlin Day 2: Exchange, Linux, and AI agents fall
Day 2 of Pwn2Own Berlin 2026 yielded 15 zero-days and $385,750 in prizes. Exchange fell to a three-bug RCE chain. Cursor AI and OpenAI Codex were exploited too.
2 articles tagged #zero-day
Day 2 of Pwn2Own Berlin 2026 yielded 15 zero-days and $385,750 in prizes. Exchange fell to a three-bug RCE chain. Cursor AI and OpenAI Codex were exploited too.
CVE-2026-45585 (YellowKey) gives an attacker shell access to a BitLocker volume using physical access and a USB drive. PoC is public, no patch exists. Enable TPM+PIN to block it.