The Zeroday Cloud hacking competition in London has awarded researchers $320,000 for demonstrating critical remote code execution vulnerabilities in components used in cloud infrastructure.
The first hacking event focused on cloud systems, the competition is hosted by Wiz Research in partnership with Amazon Web Services, Microsoft, and Google Cloud.
The researchers were successful in 85% of the hacking attempts across 13 hacking sessions, demonstrating 11 zero-day vulnerabilities.
A blog post summarizing the event notes $200,000 was awarded during the first day for successful exploitation of issues in Redis, PostgreSQL, Grafana, and the Linux kernel.
During the second day, researchers earned another $120,000, showing exploits in Redis, PostgreSQL, and MariaDB, the most popular databases used by cloud systems to store critical information (e.g., credentials, secrets, sensitive user information).
Overview of Zeroday Cloud 2025
Source: Wiz
The Linux kernel was compromised through a container escape flaw, which allowed attackers to break isolation between cloud tenants, undermining a core cloud security guarantee.
Researchers at cybersecurity companies Zellic and DEVCORE were awarded $40,000 for their success.
Team CCC receiving the highest single bounty payment in the competition
... continue reading