Saturday , July 18 2026
Pwn2Own

Pwn2Own Berlin 2026: Windows 11, Microsoft Edge, LiteLLM breached

Hackers to breach Microsoft Edge, Windows 11, LiteLLM, and NVIDIA technologies at Pwn2Own Berlin 2026. In the very first day, researchers earned $523,000 by exploiting 24 unique zero days in various products.

Windows LegacyHive 0, AWS, Fortinet, TP-LINK multiple flaws got hackers attention

A Windows security flaw called LegacyHive (MSNightmare) misuses the User Profile Service. This allows local users to gain higher privileges,...
Read More
Windows LegacyHive 0, AWS, Fortinet, TP-LINK multiple flaws got hackers attention

CVE-2026-53412
Zoom Warns of critical account takeover Flaw via Network Access

Zoom has issued updates for a flaw in the Windows desktop client, known as CVE-2026-53412. This issue may allow an...
Read More
CVE-2026-53412  Zoom Warns of critical account takeover Flaw via Network Access

India to built Mythos-like AI model “Sarvam AI” and “BharatGen” assigned

India is speeding up its work to make homegrown AI models for cybersecurity. These models will help protect important digital...
Read More
India to built Mythos-like AI model “Sarvam AI” and “BharatGen” assigned

Cursor, SonicWall, SharePoint 0-day exploited to the wild

A serious security flaw in Cursor, a popular AI code editor used by more than 7 million developers, lets attackers...
Read More
Cursor, SonicWall, SharePoint 0-day exploited to the wild

Microsoft Patch Tuesday July-2026 fixes 570 flaws, 3 zero-days

Microsoft's Patch Tuesday in July 2026 fixes around 570 security flaws in its products. This comes after June's big update,...
Read More
Microsoft Patch Tuesday July-2026 fixes 570 flaws, 3 zero-days

Fortinet Patches 7 Flaws In FortiOS, FortiProxy, FortiPAM, and FortiSandbox

Fortinet fixes seven new security warnings on July 14, 2026. These affect FortiOS, FortiProxy, FortiPAM, and FortiSandbox. The issues vary...
Read More
Fortinet Patches 7 Flaws In FortiOS, FortiProxy, FortiPAM, and FortiSandbox

CISA warns Cisco IOS flaw, while VMware flaw allows bypassing authentication

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that hackers are using CVE-2008-4128, a CSRF flaw in Cisco...
Read More
CISA warns Cisco IOS flaw, while VMware flaw allows bypassing authentication

Meta’s louisiana data center to exceed 250 billion price tag

Meta announced on Monday that its data center in Richland Parish, Louisiana, will grow to 5 gigawatts of computing power....
Read More
Meta’s louisiana data center to exceed 250 billion price tag

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

AI Platforms Under Attack

AI tools became the center point in the competition for various reasons. Researcher k3vg3n found three flaws, such as SSRF and code injection, that let him hack LiteLLM, a service for handling large language model APIs.

The result shows how attaker easily leverage AI infra and execute unauthorized intrusion. STARLabs SG found five bugs in LM Studio, showing that complicated AI processes can create many weaknesses.

Compass Security took advantage of a CWE-150 flaw in OpenAI Codex, showing the dangers of AI coding helpers that are more common in development processes.

Windows 11 Privilege Escalation Attacks

In Pwn2Won, Windows 11’s various flaws were exploited, incuding improper access control, a heap-based buffer overflow, use-after-free vulnerabilities.

Windows 11 was another major target, with multiple successful privilege escalation exploits demonstrated:

DEVCORE used an improper access control flaw to gain elevated privileges
Marcin Wiązowski exploited a heap-based buffer overflow
Kentaro Kawane chained two use-after-free vulnerabilities

These flaws let hackers go from regular user access to admin control, which is an important step in many real-world cyberattacks. These flaws can help them move across systems, stay inside the system, and gain full control.

Windows 11 Exploited (Source: Zero Day Initiative)

Microsoft Edge Sandbox Escape

DEVCORE researcher Orange Tsai found four flaws that let him break out of the Microsoft Edge sandbox. This sandbox is meant to keep browser tasks separate and stop bad code from harming the system. By bypassing this protection, the exploit enabled code execution outside the restricted environment, potentially leading to full system compromise. For this DEVCORE earned $175000, the highest payment of the day.

NVIDIA

NVIDIA tools were also targeted. Researchers used a bug to target the NV Container Toolkit, and they accessed NVIDIA Megatron Bridge because of path issues and weak security.

Not every attack worked. Some efforts to break into OpenAI Codex and Oracle Autonomous AI Database didn’t succeed or were marked as “collisions,” which means the problems were already known to the companies.

This year’s Pwn2Own shows a clear change towards targets that focus on AI. This includes AI databases, coding agents, and local inference systems.

Related News:

OpenClaw Flaws Expose 245,000 Public AI Agent Servers

Microsoft’s MDASH VS Anthropic’s Mythos VS OpenAI’s Daybreak

OpenClaw Flaws Expose 245,000 Public AI Agent Servers

Check Also

cloud-native

Cloud Native Days Bangladesh 2026 unites 300+ tech professionals in Dhaka

Dhaka sees a crowd over 300 cloud-native practitioners, DevOps engineers, SREs, architects, and students for …