Windows 11 Hacked — Three New Pwn2Own Zero-Days Deployed
The world of cybersecurity was shaken to its core on May 15, 2025, when day one of the PWN2OWN hacking event in Berlin saw not one, not two, but three successful hacking attempts targeting Windows 11. This marks a significant milestone in the history of the event, which has been running for nearly two decades. In this article, we will delve into the details of these three zero-day exploits and explore what they mean for users and manufacturers alike.
The PWN2OWN Event: A Platform for Security Researchers
Pwn2OWN is an annual hackathon event that brings together some of the best security researchers in the world. The brainchild of the Trend Micro Zero Day Initiative, this twice-yearly event has been running since 2007 and attracts top talent from around the globe. The event's purpose is to test the defenses of various products against zero-day exploits, with the goal of identifying vulnerabilities that can be patched before malicious actors exploit them.
The Three Windows 11 Zero-Days
So, what exactly did we see on day one of PWN2OWN Berlin? In short, three Windows 11 zero-days were successfully deployed by elite hackers. These exploits allowed the attackers to elevate privileges to system level, giving them a potential backdoor into the operating system.
The first exploit was attributed to Angelboy, a hacker from the DEVCORE Research Team. This attack used a combination of known vulnerabilities to achieve the goal of privilege escalation on Windows 11. However, it's worth noting that this exploit was not considered a full success in terms of the competition due to one of the exploited vulnerabilities being already known to Microsoft.
The second exploit was attributed to Nguyen Hoang Thach, a hacker from the STARLabs SG team. This attack used a single integer overflow exploit to compromise Broadcom's VMware ESXi hypervisor. This is a significant achievement, as VMware ESXi has never been compromised by hackers during the event's 18-year history.
The Rewards: Why These Hackers Matter
So, what drives these security researchers to risk their skills on zero-day exploits? The answer lies in the prize funds. Each successful exploit earns the hacker a significant amount of money, ranging from $75,000 for the first exploit all the way up to $150,000 for the second.
But why do they care about Windows 11 and Broadcom's VMware ESXi? The truth is that these hackers are not just motivated by financial gain. They are passionate about security and want to make a difference in the world. By identifying vulnerabilities in products like Windows 11 and VMware ESXi, they can help manufacturers patch their systems before malicious actors exploit them.
A Call to Action: Securing Our Digital Lives
As we navigate the complex landscape of cybersecurity threats, it's essential that we prioritize security. By staying informed about zero-day exploits and keeping our software up-to-date, we can significantly reduce the risk of falling victim to these attacks.
In conclusion, the PWN2OWN event is a testament to the power of human ingenuity in the face of technological challenges. While it's easy to view hacking as a malicious activity, it's essential to recognize that some hackers are using their skills for good. As we move forward in this digital age, it's crucial that we prioritize security and stay vigilant against emerging threats.
Update: Another Windows 11 Hack
As of May 17, 2025, another successful Windows 11 hack has been reported. A hacker from the DEVCORE Research Team achieved a privilege escalation attack on Microsoft's premier operating system. However, this was not deemed a full success in terms of the competition due to one of the exploited vulnerabilities being already known to Microsoft.
We will continue to monitor the situation and provide updates as more information becomes available.