InfoSecBulletin Cybersecurity for mankind
Hackers to breach Microsoft Edge, Windows 11, LiteLLM, and NVIDIA technologies at Pwn2Own Berlin 2026. In the very first day, researchers earned $523,000 by exploiting 24 unique zero days in various products.
Asian Two AI startups launch Mythos-like Model
Polymarket Hack Reportedly Results in $3 Million Theft
Anthropic Confirms US Infrastructure Redeployment of Claude Mythos 5
Hackers Target Cloudflare-Hosted AWS Domains to Steal Console Logins
Daily Cyber security update for 26. 06. 2026
WhatsApp to Alert Users Before Chatting With New Numbers
OpenAI unveils its first custom chip, Named Jalapeño
Bajaj Auto System Hit by a Ransomware Attack
Cisco Unified CM flaw CVE-2026-20230 exploited in attacks
LastPass says hackers stole customer data via Klue, supply chain breach
AI Platforms Under Attack
AI tools became the center point in the competition for various reasons. Researcher k3vg3n found three flaws, such as SSRF and code injection, that let him hack LiteLLM, a service for handling large language model APIs.
The result shows how attaker easily leverage AI infra and execute unauthorized intrusion. STARLabs SG found five bugs in LM Studio, showing that complicated AI processes can create many weaknesses.
Compass Security took advantage of a CWE-150 flaw in OpenAI Codex, showing the dangers of AI coding helpers that are more common in development processes.
Windows 11 Privilege Escalation Attacks
In Pwn2Won, Windows 11’s various flaws were exploited, incuding improper access control, a heap-based buffer overflow, use-after-free vulnerabilities.
Windows 11 was another major target, with multiple successful privilege escalation exploits demonstrated:
DEVCORE used an improper access control flaw to gain elevated privileges
Marcin Wiązowski exploited a heap-based buffer overflow
Kentaro Kawane chained two use-after-free vulnerabilities
These flaws let hackers go from regular user access to admin control, which is an important step in many real-world cyberattacks. These flaws can help them move across systems, stay inside the system, and gain full control.
Microsoft Edge Sandbox Escape
DEVCORE researcher Orange Tsai found four flaws that let him break out of the Microsoft Edge sandbox. This sandbox is meant to keep browser tasks separate and stop bad code from harming the system. By bypassing this protection, the exploit enabled code execution outside the restricted environment, potentially leading to full system compromise. For this DEVCORE earned $175000, the highest payment of the day.
NVIDIA
NVIDIA tools were also targeted. Researchers used a bug to target the NV Container Toolkit, and they accessed NVIDIA Megatron Bridge because of path issues and weak security.
Not every attack worked. Some efforts to break into OpenAI Codex and Oracle Autonomous AI Database didn’t succeed or were marked as “collisions,” which means the problems were already known to the companies.
This year’s Pwn2Own shows a clear change towards targets that focus on AI. This includes AI databases, coding agents, and local inference systems.
Related News:
OpenClaw Flaws Expose 245,000 Public AI Agent Servers
Microsoft’s MDASH VS Anthropic’s Mythos VS OpenAI’s Daybreak
