"Hackers Earn $1,132,500 For 29 Zero-Days at Pwn2Own Vancouver"

Pwn2Own Vancouver 2024 has recently ended.  Security researchers collected $1,132,500 after demoing 29 zero-days (and some bug collisions).  Throughout the event, the security researchers targeted software and products in the web browser, cloud-native/container, virtualization, enterprise applications, server, local escalation of privilege (EoP), enterprise communications, and automotive categories, all up-to-date and in their default configuration.  The total prize pool was over $1,300,000 in cash prizes and a Tesla Model 3, which Team Synacktiv won on the first day.  During the event, competitors successfully gained code execution and escalated privileges on fully patched systems after hacking Windows 11, Ubuntu Desktop, VMware Workstation, Oracle VirtualBox, three web browsers (Apple Safari, Google Chrome, and Microsoft Edge), and the Tesla Model 3.  Vendors have 90 days to release security fixes for zero-day vulnerabilities reported during Pwn2Own contests before TrendMicro's Zero Day Initiative discloses them publicly.

BleepingComputer reports: "Hackers Earn $1,132,500 For 29 Zero-Days at Pwn2Own Vancouver"