Windows 11 Hacked — Three New Pwn2Own Zero-Days Deployed
Update, May 17, 2025: This story, originally published May 16, has been updated with news of another successful Windows 11 hack at the Pwn2Own hacking event in Berlin.
I've said it before, and I'll say it again: hacking is not a crime. I'd have been in prison a long time ago were that true. I'm not a fan of the term ethical hackers, but it will have to do to describe the security researchers and hacking elite who have gathered in Berlin for day one of the Pwn2Own hackathon. Rather than use their undoubted hacking skills for malicious purposes, like the most prolific cybercriminal groups do, these hackers have been deploying zero-days for the good of us all, including three aimed at Windows 11 that managed to elevate privileges to system level that could enable complete system takeover. Such skills do not go unvalued, and the hackers concerned were rewarded $75,000 for their efforts. Here's what you need to know about the Windows 11 hack trilogy.
If you are a regular reader of my articles, then you will know that I have covered the Pwn2Own events for many years. Most recently, detailing how Tesla fell to hackers four times in one day, and five zero-day vulnerabilities were employed to compromise the Samsung Galaxy 24 smartphone. You would also know that Tesla and Samsung submitted their products to the hackathon event, wanting to see if the elite of the hacking world could find vulnerabilities that they had not, so they could be fixed before malicious actors stumbled across them.
Pwn2Own, the brainchild of the Trend Micro Zero Day Initiative, dates back to 2007 and attracts some of the best hacking minds on the planet to the twice-yearly events. Pitched against the clock to 'pwn' products, hacker and gamer slang for owning something or someone by gaining control, the zero-day hacker heroes can earn a share of more than a million dollars in prize funds.
Day one of Pwn2Own Berlin 2025, held on May 15, saw no less than three successful hacking attempts targeting Windows 11 and escalating privileges to system level:
Update: The first results for day three of Pwn2Own are in, and it's Windows 11 that's the victim once again. A hacker called Angelboy from the DEVCORE Research Team achieved another privilege escalation attack against Microsoft's premier operating system. However, this was not deemed a full success in terms of the competition, but rather a collision. This is because one of the vulnerabilities that were used in the exploit chain was already known to Microsoft, and so not a true zero-day.
And it's not just Microsoft products that are falling into the hands of these elite hackers. Broadcom's VMware ESXi has been compromised by a zero-day exploit as well. This is Pwn2Own history in the making, as the hypervisor has never been compromised by hackers before during the event's 18 years of activity. The hacker behind the achievement, Nguyen Hoang Thach, who is part of the STARLabs SG team, was able to deploy a single integer overflow exploit. This earned them a not-too-shabby reward of $150,000 on the spot, as well as 15 valuable points towards the coveted Master of PWN title.
I have reached out to Microsoft for a statement regarding the Windows 11 hack successes at Pwn2Own, as well as Broadcom, concerning the $150,000 VMware ESXi zero-day.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Android Authority
an hour ago
- Android Authority
Why government red tape is draining your phone's battery potential
Robert Triggs / Android Authority You're not alone if you're pining for longer battery life from your latest smartphone. Despite emerging technologies like silicon-carbon cells, we've seemingly hit a ceiling just above the 5,000 mAh mark — at least for phones sold in the US and Europe. Meanwhile, glance over at models in China or India, and you'll spot far larger batteries in otherwise identical handsets. For example, the new Nothing Phone 3 packs a 5,150mAh battery globally, but bumps that up to 5,500mAh in India. The HONOR Magic 7 Pro goes from 5,270mAh in Europe to 5,850mAh in China, and the Xiaomi 15 Ultra stretches from 5,410mAh globally to a massive 6,000mAh in its domestic market. So what gives? Why can't we have these same huge battery capacities on the other side of the world too? Wouldn't you know it? Regulation and red tape are to blame Rita El Khoury / Android Authority If you've ever attempted to ship a phone by post in Europe or the US (and probably many other countries too), you might have been interrogated by the postmaster about the size of the battery and whether it's sealed in the device. That's because many countries treat lithium-ion batteries as hazardous goods, with strict rules on how they're packaged and transported. The same rules apply — often even more stringently — to commercial shipments moving by air, road, rail, or sea. Several major international regulations govern this. In Europe, there's the ADR (covering road transport), RID (rail), and IMDG (sea). For air shipments, carriers follow the International Air Transport Association's (IATA) Dangerous Goods Regulations (DGR) and the International Civil Aviation Organization (ICAO) rules. In the US, there's also the Code of Federal Regulations, 49 CFR § 173.185, which lays out similar requirements, and other nations sometimes have their own rule variations. All of these regulations ultimately trace back to the UN's Model Regulations, which define lithium-ion batteries as either UN3480 (batteries shipped on their own) or UN3481 (batteries packed with or inside equipment). But the most important piece is UN Special Provision 188, which sets a threshold for what's considered a 'small' lithium-ion battery that can be shipped under simplified rules. That limit is 20Wh (watt-hours) per cell, and it's mirrored in the ADR, IMDG, IATA, and other international rules that govern global transportation networks. For context, there's also a 100Wh limit for a complete battery pack before stricter transport classifications kick in — but that's more relevant for laptops and power banks. International transport rules cap single-cell li-ion capacity at 20Wh, roughly 5,300mAh. A 20Wh cap might sound large, but it's tied to the battery's voltage. For a typical lithium-ion cell with a nominal voltage around 3.8 V, this works out to roughly 5,300mAh per cell — which is about where most modern smartphone batteries in Europe and the US max out. That's why you might notice slightly smaller battery capacities in these markets compared to some models sold in countries with fewer shipping constraints. While these rules might be annoying from a consumer product perspective, they exist for a very good reason. Lithium-ion batteries pack a lot of energy into a small space, which is what makes them so good for powering phones and laptops, but it also means they can pose a fire risk if damaged, short-circuited, or exposed to heat. We've all seen the exploding phone horror stories due to thermal runaway. Shipping regulations are designed to minimize these risks by limiting the size of batteries that can travel under simpler, less costly rules, alongside the UN38.3 altitude, vibration, and thermal tests that all lithium batteries must pass to prove they can be transported safely. By capping battery energy at 20Wh per cell for simplified transport, authorities reduce the chances of large-scale fires in trucks, ships, or aircraft cargo holds, which helps keep insurance costs down as well. Bigger batteries aren't banned outright, but they require more protective packaging, special documentation, and sometimes dedicated cargo handling to keep people and property safe. Why do some phones still have 6,000mAh batteries? Joe Maring / Android Authority Did you spot the lawyer's way out of this conundrum? The 20Wh rule applies to single battery cells, but you can skirt this restriction if you pack two (or more) batteries together inside a gadget. Some smartphones have sported split-cell designs for more efficient fast charging for a number of years now, most noticeably from BBK brands OnePlus and OPPO. Hence, you'll still find a colossal 6,000mAh battery stateside with the OnePlus 13, and the OPPO Find X8 Pro makes its way to Europe with its 5,910mAh cell intact. But that's not exactly a cheap solution; not only does it require multiple cells, but special circuitry to handle charging and discharging safely. Not every brand is willing to invest in that, which is one reason why Apple, Google, Samsung, and many others haven't pushed ahead with quite as large capacities as some of their Chinese competitors. Still, laptops have long used multiple smaller cells wired together to stay safely under the 100Wh pack limit, which is why we rarely see them run into shipping issues. Our smartphones will have to follow suit if we want to take another leap up in capacity. More expensive split-cell designs are one way to boost phone battery life to new highs. When it comes to phones manufactured and sold in China, the products move entirely internally, so many of the rules that govern international shipping don't apply or aren't enforced as strictly. Likewise, land transportation between China and its neighbours, along with localized manufacturing, helps explain why we occasionally see some larger capacity models make their way outside of China as well. If you really want bigger batteries in your gadgets, we will either have to pay the premium for split cell designs, fork out for the cost, liability, and insurance premiums for shipping bigger batteries, or start manufacturing them locally. That latter point obviously isn't going to happen, so we might be snookered, which will unfortunately reduce the scale of the battery-life breakthroughs being made by technologies like silicon-carbon batteries.
Yahoo
2 hours ago
- Yahoo
Equipment manufacturer turns heads with next-gen work vehicles boasting incredible performance: 'It is an ideal tool'
In a huge move for the industrial and construction industries, Spanish equipment manufacturer AUSA has introduced its first-ever electric rough-terrain forklift, per Electrek. Unveiled at the recent Bauma construction fair in Germany, the C151E is designed to bring the well-known benefits of electric vehicles into demanding job sites and represents a significant innovation in heavy‑duty material handling. AUSA shared in a video all the specs of the C151E, including a 3,000-pound loading capacity, battery with up to 18.6 kilowatt-hours, digital display with diagnostics, all-in-one joystick, zero carbon pollution, and it's nearly silent. AUSA said in a press release that the forklift is designed specifically for worksites with low pollution, like greenhouses and enclosed spaces. Electrek reported that the forklift also charges incredibly quickly: "Even if you drive the battery to nearly nothing, the AUSA can be charged up during a lunch break or shift change and ready to work again as soon as you reach for it." There is a growing trend of electrifying necessary equipment in manufacturing industries. Another European Union company announced an all-new electric line of construction equipment in 2024. Australia and China are also seeing similar innovations. Forklifts are indispensable across countless sectors, from agriculture and recycling to logistics and construction. Introducing electric models such as the C151E means smoother, more efficient operations and a great way to cut costs. "It is an ideal tool for working in emission-free spaces such as greenhouses, municipal night works, enclosed spaces, etc.," AUSA said, according to Electrek. Companies can expand their use, because electric assets are allowed where internal combustion isn't. "You can earn more work, get a higher utilization rate, and maximize not only your fuel savings, but generate income you couldn't generate without it," Electrek explained. Beyond financial savings, without tailpipe pollution, the forklift is also beneficial to the environment as well as the health of those operating it. Traditional diesel and gas-powered forklifts can negatively impact air quality and worker health, especially in enclosed spaces like warehouses, because of the release of carbon monoxide as well as known carcinogens. Thanks to innovations like the C151E, it's now easier than ever for companies to cut costs, protect worker health, and get the job done — without all the noise and fumes. It's a win for business and a win for the environment. If you're thinking about switching to electric yard tools, which of these factors would be most persuasive for you? Better for the environment Cheaper to fuel and maintain More enjoyable to use Produce better results Click your choice to see results and speak your mind. Join our free newsletter for weekly updates on the latest innovations improving our lives and shaping our future, and don't miss this cool list of easy ways to help yourself while helping the planet.
Entrepreneur
2 hours ago
- Entrepreneur
Final Hours to Get Windows 11 Pro with Copilot for Just $10
Disclosure: Our goal is to feature products and services that we think you'll find interesting and useful. If you purchase them, Entrepreneur may get a small share of the revenue from the sale from our commerce partners. If your computer is still running Windows 10, the clock is ticking. Microsoft announced that it is ending support for the beloved OS later this year, meaning it will no longer offer free software updates or security releases. Rather than scramble to upgrade at full price later, get Windows 11 Pro at an all-time low price now. While you may be able to install Windows 11 Home, the basic version, at no cost, you won't get remote desktop access, BitLocker device encryption, Hyper-V, or other exclusive features. Besides, at only $9.97, this Windows 11 Pro key can upgrade two compatible PCs (reg. $199). This price is only valid through July 15. Features designed to support professionals and remote workers Like many, you may be procrastinating this upgrade because you think you won't like the new user design, but there's a lot to love. It's not too unlike Windows 10, and you'll have new productivity tools like snap layouts, an improved search function, and widgets to streamline your workdays. Upgrading to Windows 11 also means you get Copilot, the AI assistant. Powered by a custom version of GPT-4, it's basically like having the premium version of Open AI living in your PC for generating text, images, code, and answering questions. Almost instantly after completing your purchase, you'll receive an email with a download link and activation code to install Windows 11 Pro on up to two PCs, like your work and personal computers. Enjoy software upgrades as long as Microsoft supports this OS. Why this deal is worth it Operating systems aren't just background software—they shape how efficiently (and securely) you work. With Windows 10 sunsetting soon, this Windows 11 Pro deal is a rare chance to modernize your tech stack without the usual price tag. For just $10, you can streamline two machines with pro-grade features typically reserved for business users. It's also a smart hedge against future compatibility issues, software lockouts, or the rising cost of digital tools. Think of it as preventative maintenance that actually saves you money. Don't miss this Windows 11 Pro discount: $9.97 until July 15 at 11:59 p.m. PT (reg. $199). No coupon is needed to get this price. Microsoft Windows 11 Pro See Deal StackSocial prices subject to change.
