Pwn2Own Automotive 2026 uncovers 76 zero-days, pays out more than $1M

infosec in brief T'was a dark few days for automotive software systems last week, as the third annual Pwn2Own Automotive competition uncovered 76 unique zero-day vulnerabilities in targets ranging from Tesla infotainment to EV chargers.

A record 73 entries were included in this year's competition at Automotive World in Tokyo, and, while not all were successful, Trend Micro's Zero Day Initiative still ended up paying out more than $1 million to successful competitors. 

For those unfamiliar with the structure of a Pwn2Own competition, ethical hackers and security experts enter with plans to perform a certain exploit, which they must do in a limited time. Cash prizes are awarded for successful attempts, as are points, with both increasing based on uniqueness, impact, and complexity. 

The largest single-exploit payout (and point award) of the three-day event went to the eventual winners, a trio of security researchers from Fuzzware.io ...