Particle.news

Pwn2Own Berlin 2025 Wraps with Record $1.1 Million in Prizes and Critical Exploits Unveiled

StarLabs SG claims 'Master of Pwn' title, while vendors rush to patch 28 zero-day vulnerabilities revealed during the competition.

Overview

  • The inaugural European edition of Pwn2Own, held alongside OffensiveCon in Berlin, saw researchers disclose and sell 28 zero-day vulnerabilities across critical platforms.
  • StarLabs SG from Singapore emerged as the overall winner, earning the 'Master of Pwn' title and $320,000 in prize money.
  • Breakthrough exploits included the first takeover of VMware ESXi via a single integer overflow and dual JavaScript-based hacks of Firefox, leading Mozilla to release urgent patches (Firefox 138.0.4 and ESR updates).
  • A newly introduced AI category targeted platforms like Nvidia Triton Inference Server and Redis, reflecting a shift toward securing machine-learning infrastructure.
  • Vendors, including Mozilla and VMware, have begun rolling out updates to address vulnerabilities, underscoring the rapid response cycle following the competition.