The three-day competition, held from May 14 to May 16 alongside OffensiveCon in Berlin, awarded $1,298,250 in cash prizes. The event placed some of the world’s most widely used corporate technologies under controlled attack, with researchers targeting Microsoft, Red Hat, VMware, NVIDIA, OpenAI, Anthropic and other platforms used across modern business infrastructure.
DEVCORE emerged as the strongest team, winning the Master of Pwn title with 50.5 points and $505,000 in awards. STARLabs SG finished second with 25 points and $242,500, while Out Of Bounds placed third with 12.75 points and $95,750. The outcome showed the scale of professional vulnerability research now focused on products central to cloud computing, AI development and enterprise administration.
The contest began with a strong opening day as participants earned $523,000 for 24 unique zero-day flaws. Among the most closely watched demonstrations was a Microsoft Edge sandbox escape by Orange Tsai of DEVCORE, who chained four logic bugs to break out of the browser’s protective boundary. Browser sandbox escapes remain significant because they can turn a web-based attack into a deeper system compromise if combined with other flaws.
Windows 11 also came under repeated scrutiny, with researchers demonstrating multiple privilege-escalation attacks. Such flaws typically do not provide initial access on their own, but they can allow an attacker who has already entered a system to gain higher privileges, move laterally or disable defences. Red Hat Enterprise Linux for Workstations was also compromised through local privilege-escalation techniques, reinforcing concerns that desktop and workstation-class systems remain valuable targets in corporate environments.
Microsoft Exchange drew particular attention after Orange Tsai chained three bugs to achieve remote code execution with SYSTEM privileges, earning $200,000. Exchange servers have long been high-value targets because they sit close to corporate communications, identity flows and sensitive records. A remote code execution path on such a platform carries obvious operational risk if left unpatched in exposed environments.
Microsoft SharePoint was also exploited during the final day, when DEVCORE’s splitline chained two bugs to compromise the platform and earned $100,000. SharePoint’s use across document management and internal collaboration makes vulnerabilities in the product especially relevant for organisations handling contracts, records, legal material and internal workflows.
Virtualisation risks were highlighted when STARLabs SG’s Nguyen Hoang Thach exploited VMware ESXi using a memory corruption bug with a cross-tenant code execution add-on, earning $200,000. ESXi sits at the heart of many corporate data centres, and flaws in virtualisation layers can have broad consequences because they may affect multiple workloads hosted on the same infrastructure.
A defining feature of this year’s Berlin event was the prominence of artificial intelligence software. The competition included AI databases, coding agents, local inference platforms and NVIDIA technologies, reflecting the speed with which AI tools are being embedded in enterprise environments. OpenAI Codex, Anthropic Claude Code, Cursor, LM Studio, LiteLLM and Chroma were among the targets tested by researchers.
Successful demonstrations against AI tools included attacks on OpenAI Codex, Cursor, LM Studio, LiteLLM and Chroma, with some entries involving server-side request forgery, code injection, path traversal and logic flaws. These results point to a broader challenge for companies deploying AI systems: the attack surface is no longer limited to models and prompts, but extends to plugins, local runtimes, data connectors, developer environments and infrastructure permissions.
NVIDIA-related targets also featured prominently. Researchers demonstrated vulnerabilities in NVIDIA Container Toolkit and Megatron Bridge, both relevant to organisations using accelerated computing and AI infrastructure. Container and GPU-linked tooling now plays a growing role in AI deployment, making weaknesses in these layers attractive to attackers seeking access to workloads, data pipelines or compute resources.
Not every exploit attempt succeeded, and several demonstrations were classed as collisions because the bugs were already known to the vendor or had overlapped with earlier submissions. Those results still matter because they show how multiple teams can independently discover similar weaknesses, a sign that attackers outside controlled competitions may also identify comparable paths.
Follow Arabian Post
Select Arabian Post as your preferred source on Google and MSN News for trusted business news and Arab politics and updates.
