The inaugural Zeroday Cloud hacking competition in London has awarded security researchers a total of $320,000 for uncovering and demonstrating critical zero-day vulnerabilities in core cloud infrastructure components. Hosted by Wiz Research in partnership with major cloud providers like AWS, Microsoft, and Google, the event focused on identifying exploits in widely used database and container technologies.
Researchers achieved an 85% success rate across 13 hacking sessions, revealing 11 previously unknown flaws. The first day saw $200,000 awarded for exploits targeting Redis, PostgreSQL, Grafana, and the Linux kernel. On the second day, an additional $120,000 was granted for further compromises of Redis, PostgreSQL, and MariaDB. A particularly significant find was a container escape vulnerability in the Linux kernel, which could break the isolation between cloud tenants.
While researchers succeeded against database and kernel targets, attempts to exploit AI inference platforms like vLLM and Ollama were unsuccessful. Team Xint Code emerged as the overall champion, earning $90,000 for three separate exploits. Despite the substantial payout, the total awarded represents only a small portion of the event's $4.5 million potential prize pool, as many other critical categories (including Kubernetes, Docker, and major web servers) remained unexploited.
