**Zeroday Cloud Hacking Event Awards $320,000 for 11 Zero Days**

The Zeroday Cloud hacking competition in London has come to a close, with researchers walking away with a total of $320,000 for demonstrating critical remote code execution vulnerabilities in components used in cloud infrastructure.

Hosted by Wiz Research in partnership with Amazon Web Services, Microsoft, and Google Cloud, the first-ever cloud-focused hacking event was a resounding success. The competition saw 13 hacking sessions take place across two days, with researchers successfully exploiting 11 zero-day vulnerabilities – an impressive 85% success rate.

The first day of the competition saw $200,000 awarded to researchers who successfully exploited issues in Redis, PostgreSQL, Grafana, and the Linux kernel. These findings are particularly concerning, as they demonstrate the ease with which attackers can breach cloud security guarantees by exploiting vulnerabilities in widely used components.

On the second day, another $120,000 was handed out to researchers for their exploits in Redis, PostgreSQL, and MariaDB – the most popular databases used by cloud systems to store sensitive information. The Linux kernel was also compromised through a container escape flaw, which allowed attackers to break isolation between cloud tenants.

The Linux kernel vulnerability is particularly concerning, as it undermines a core cloud security guarantee: the ability to isolate tenants from one another. This could have serious implications for cloud providers and their customers, who rely on this isolation to protect sensitive information.

Two teams stood out during the competition: Zellic and DEVCORE, which were awarded $40,000 for their success in exploiting vulnerabilities. Team Xint Code was crowned champion after successfully exploiting Redis, MariaDB, and PostgreSQL, earning them a prize of $90,000.

The total amount awarded during the first Zeroday Cloud competition is only a small fraction of the $4.5 million available for researchers showcasing exploits for various targets. Despite this, the findings from the competition are a sobering reminder of the importance of cloud security and the need for ongoing research and innovation in this area.

Eligible categories and products that didn't see any exploits during the competition include AI (Ollama, vLLM, Nvidia Container Toolkit), Kubernetes, Docker, web servers (nginx, Apache Tomcat, Envoy, Caddy), Apache Airflow, Jenkins, and GitLab CE. These areas will be a focus for future competitions, with researchers encouraged to explore new vulnerabilities and share their findings.

**Other Security News**

* **Hackers exploit unpatched Gogs zero-day to breach 700 servers**: A critical vulnerability in the popular Gogs version control system has been exploited by hackers, compromising over 700 servers.
* **Contractors with hacking records accused of wiping 96 govt databases**: A group of contractors with a history of hacking have been accused of intentionally deleting sensitive data from government databases.
* **W3 Total Cache WordPress plugin vulnerable to PHP command injection**: A popular WordPress plugin has been found to be vulnerable to a critical security exploit, leaving millions of websites at risk.