LmCast :: Stay tuned in

Hackers get $1,047,000 for 76 zero-days at Pwn2Own Automotive 2026

Recorded: Jan. 23, 2026, 5 p.m.

Original Summarized

Hackers get $1,047,000 for 76 zero-days at Pwn2Own Automotive 2026

News

Featured
Latest

Curl ending bug bounty program after flood of AI slop reports

INC ransomware opsec fail allowed data recovery for 12 US orgs

Cisco fixes Unified Communications RCE zero day exploited in attacks

Hackers exploit 29 zero-days on second day of Pwn2Own Automotive

US to deport Venezuelans who emptied bank ATMs using malware

Hackers exploit critical telnetd auth bypass flaw to get root

What an AI-Written Honeypot Taught Us About Trusting Machines

Microsoft: Outlook for iOS crashes, freezes due to coding error

Tutorials

Latest
Popular

How to access the Dark Web using the Tor Browser

How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11

How to use the Windows Registry Editor

How to backup and restore the Windows Registry

How to start Windows in Safe Mode

How to remove a Trojan, Virus, Worm, or other Malware

How to show hidden files in Windows 7

How to see hidden files in Windows

Webinars
Downloads

Latest
Most Downloaded

Qualys BrowserCheck

STOPDecrypter

AuroraDecrypter

FilesLockerDecrypter

AdwCleaner

ComboFix

RKill

Junkware Removal Tool

Deals

Categories

eLearning

IT Certification Courses

Gear + Gadgets

Security

VPNs

Popular

Best VPNs

How to change IP address

Access the dark web safely

Best VPN for YouTube

Forums
More

Virus Removal Guides
Startup Database
Uninstall Database
Glossary
Send us a Tip!
Welcome Guide

HomeNewsSecurityHackers get $1,047,000 for 76 zero-days at Pwn2Own Automotive 2026

Hackers get $1,047,000 for 76 zero-days at Pwn2Own Automotive 2026

By Sergiu Gatlan

January 23, 2026
07:50 AM
0

Pwn2Own Automotive 2026 has ended with security researchers earning $1,047,000 after exploiting 76 zero-day vulnerabilities between January 21 and January 23.
The Pwn2Own Automotive hacking competition focuses on automotive technologies and took place this week in Tokyo, Japan, during the Automotive World auto conference.
Throughout the contest, the hackers targeted fully patched in-vehicle infotainment (IVI) systems, electric vehicle (EV) chargers, and car operating systems (e.g., Automotive Grade Linux).

Before TrendMicro's Zero Day Initiative publicly discloses them, vendors have 90 days to develop and release security fixes for zero-days that were exploited and reported during the Pwn2Own contest.
Team Fuzzware.io won the Pwn2Own Automotive 2026 contest after taking home $215,000 in cash, followed by Team DDOS with $100,750 and Synactiv with $85,000.

Pwn2Own Automotive 2026 leaderboard (ZDI)
​In total, Fuzzware.io earned $118,00 after hacking an Alpitronic HYC50 Charging Station, an Autel charger, and a Kenwood DNR1007XR navigation receiver on the first day.
They were also awarded another $95,000 for demonstrating multiple zero-days in the Phoenix Contact CHARX SEC-3150 charging controller, the ChargePoint Home Flex EV charger, and the Grizzl-E Smart 40A EV charging station on the second day, and an additional $2,500 after a bug collision while attempting to root an Alpine iLX-F511 multimedia receiver on the last day of the contest.
Synacktiv Team also collected $35,000 after chaining an out‑of‑bounds write flaw and an information leak to hack the Tesla Infotainment System via a USB-based attack on the first day of Pwn2Own.
The full schedule for the third day and the results for each challenge are available here, while the complete schedule for Pwn2Own Automotive 2026 is available here.
During the Pwn2Own Automotive 2024 contest, hackers collected another $1,323,750 after demoing 49 zero-day bugs and hacking a Tesla car twice. Last year, security researchers earned another $886,250 after exploiting 49 zero-days at Pwn2Own Automotive 2025.

7 Security Best Practices for MCP
As MCP (Model Context Protocol) becomes the standard for connecting LLMs to tools and data, security teams are moving fast to keep these new services safe.
This free cheat sheet outlines 7 best practices you can start using today.
Download Now

Related Articles:
Hackers exploit 29 zero-days on second day of Pwn2Own AutomotiveTesla hacked, 37 zero-days demoed at Pwn2Own Automotive 2026Zeroday Cloud hacking event awards $320,0000 for 11 zero daysVMware ESXi zero-days likely exploited a year before disclosureCisco fixes Unified Communications RCE zero day exploited in attacks

Automotive
Exploit
Hacking
Pwn2Own
Zero-Day

Sergiu Gatlan
Sergiu is a news reporter who has covered the latest cybersecurity and technology developments for over a decade. Email or Twitter DMs for tips.

Previous Article
Next Article

Post a Comment Community Rules

You need to login in order to post a comment
Not a member yet? Register Now

You may also like:

Popular Stories

Fortinet admins report patched FortiGate firewalls getting hacked

Hackers breach Fortinet FortiGate devices, steal firewall configs

Zendesk ticket systems hijacked in massive global spam wave

Sponsor Posts

Exposure Management Index: Insights From 3,000+ Teams. Get The Report.

Discover how phishing kits are sold and deployed. Download the full research report.

Overdue a password health-check? Audit your Active Directory for free

Identity Governance & Threat Detection in one: Get a guided tour of our platform

  Upcoming Webinar

Follow us:

Main Sections

News
Webinars
VPN Buyer Guides
SysAdmin Software Guides
Downloads
Virus Removal Guides
Tutorials
Startup Database
Uninstall Database
Glossary

Community

Forums
Forum Rules
Chat

Useful Resources

Welcome Guide
Sitemap

Company

About BleepingComputer
Contact Us
Send us a Tip!
Advertising
Write for BleepingComputer
Social & Feeds
Changelog

Terms of Use - Privacy Policy - Ethics Statement - Affiliate Disclosure

Copyright @ 2003 - 2026 Bleeping Computer® LLC - All Rights Reserved

Login

Username

Password

Remember Me

Sign in anonymously

Sign in with Twitter

Not a member yet? Register Now


Reporter

Help us understand the problem. What is going on with this comment?

Spam

Abusive or Harmful

Inappropriate content

Strong language

Other

Read our posting guidelinese to learn what content is prohibited.

Submitting...
SUBMIT

The Pwn2Own Automotive 2026 competition, held in Tokyo, Japan, concluded with a significant haul of $1,047,000 awarded to security researchers who successfully exploited 76 zero-day vulnerabilities within automotive technologies. The event, organized by Trend Micro’s Zero Day Initiative (ZDI), focused on securing in-vehicle infotainment (IVI) systems, electric vehicle (EV) chargers, and car operating systems, such as Automotive Grade Linux. Team Fuzzware.io emerged as the top winner, securing $215,000 after demonstrating vulnerabilities in an Alpitronic HYC50 Charging Station, an Autel charger, and a Kenwood DNR1007XR navigation receiver. The team subsequently earned an additional $95,000 for exploiting multiple zero-days in the Phoenix Contact CHARX SEC-3150 charging controller, the ChargePoint Home Flex EV charger, and the Grizzl-E Smart 40A EV charging station. Synactiv Team received $35,000 after chaining an out-of-bounds write flaw and an information leak to compromise a Tesla Infotainment System via a USB-based attack. The competition highlighted the ongoing need for robust cybersecurity measures within the rapidly evolving automotive sector. Previous editions of Pwn2Own Automotive, including the 2024 and 2025 events, generated substantial payouts – $1,323,750 and $886,250 respectively – showcasing the prevalence and criticality of zero-day vulnerabilities in automotive systems. The event’s goal is to incentivize security researchers to identify and report vulnerabilities directly to vendors, enabling timely patching and minimizing potential risks. The substantial monetary rewards underscore the economic value of vulnerability discovery and the importance of proactive security measures within the automotive industry.