Do Son 
At the ongoing Pwn2Own hacking tournament in Berlin, a historic milestone was achieved: elite cybersecurity experts successfully breached the VMware ESXi hypervisor for the first time using a previously unknown zero-day vulnerability. This landmark event followed an already explosive opening day, which saw three separate zero-day exploits launched against Windows 11. And the surprises continued into the second day, proving the momentum was far from waning.
Recent weeks have already tested the resilience of corporate cybersecurity to its limits. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent advisory regarding a serious vulnerability in Chrome that is actively being exploited in the wild. Simultaneously, attacks leveraging HTTPBot have been discovered targeting enterprise Windows networks, while Microsoft confirmed the existence of a critical vulnerability in its cloud infrastructure — rated a maximum threat score of 10 out of 10. Against this backdrop, the news of VMware ESXi being compromised for $150,000 might seem like the proverbial “cherry on top,” but in truth, it represents something far more consequential.
Context is essential: Pwn2Own is a biannual, legally sanctioned competition that gathers the world’s finest hackers. Participants are given a narrow window to attack vendor-provided products using previously undisclosed vulnerabilities — all in an effort to uncover flaws before they can be exploited by malicious actors. Victories earn contestants both cash prizes and ranking points, but above all, the coveted title of Master of PWN.
In the case of VMware ESXi, this marked the first successful hypervisor breach in Pwn2Own’s history, dating back to its inception in 2007. The exploit was crafted by Nguyen Hoang Thach of the STARLabs SG team, who leveraged an integer overflow vulnerability — a single exploit, but an extraordinary one. For his discovery, he was awarded $150,000 and earned 15 points toward the tournament leaderboard.
Donate