VulnHub

On the first day of Pwn2Own Berlin 2026, researchers showcased their skills by identifying 24 zero-day vulnerabilities across various technologies, earning a total of $523,000 in rewards. The entries targeted popular software, including web browsers, operating systems, AI platforms, and NVIDIA infrastructure. This event is significant as it emphasizes the ongoing security challenges faced by widely used technologies, particularly in the realm of AI. The discoveries made during this competition not only highlight the vulnerabilities that could be exploited by attackers but also serve as a wake-up call for developers and organizations to enhance their security measures. As these zero-days are revealed, it’s crucial for affected vendors to respond swiftly to mitigate potential risks to users.

Pwn2Own Berlin 2026 has reached full capacity for the first time, leading some researchers who were unable to participate to disclose zero-day exploits publicly. These exploits target widely used software and hardware, specifically Firefox and NVIDIA products, as well as various AI platforms. This situation raises concerns for users and companies relying on these technologies, as zero-day vulnerabilities can be exploited by attackers before patches are released. The public disclosure of these vulnerabilities means that organizations need to act quickly to assess their exposure and implement necessary security measures. This incident emphasizes the ongoing arms race between security researchers and hackers in the cybersecurity landscape.

NVIDIA has confirmed that user data from its GeForce NOW service has been compromised in a recent data breach. The incident specifically affects users in Armenia, with personal information being exposed. While the company has not detailed the exact nature of the data leaked, this breach raises concerns about the security of user accounts and the potential for identity theft. NVIDIA's acknowledgment of the breach is crucial, as affected users may need to take immediate action to protect their accounts and personal information. This situation serves as a reminder for all users to stay vigilant about their online security, especially when it comes to gaming services that store sensitive information.

Recent research has identified serious vulnerabilities in Nvidia GPU-based devices, which are common in cloud computing environments. Three new Rowhammer attacks have been discovered that could allow attackers to completely take control of these systems. This is particularly concerning for organizations that rely on high-performance GPUs for various applications, as it raises the risk of unauthorized access and potential data breaches. The ability to exploit these vulnerabilities could have significant implications for cloud security, making it essential for companies to assess their defenses against such attacks. As these GPUs are widely used, the impact of this discovery could be extensive across many sectors relying on cloud services.

Experts at Nvidia's GTC conference are warning that attacks using artificial intelligence are becoming a real threat. They emphasize that cybersecurity defenders need to adopt AI-driven tools to effectively counter these new types of attacks. As AI technology advances, it can be weaponized, making it crucial for organizations to stay ahead by employing similar technologies in their defenses. The discussion points to a growing trend where traditional security measures may no longer be sufficient. Companies that rely on outdated methods could find themselves vulnerable to sophisticated AI-based threats.

NVIDIA's research highlights the vulnerabilities of agentic AI systems, which operate with minimal human oversight. These systems face new risks due to their interactions with various models, tools, and data sources, necessitating a safety and security framework to address these challenges.