Find notable cyber news and cases, enriched with sources, timelines, and signals.

Microsoft Zero Day Quest $2.3M bounty payout

Commercial Activity
First reported
Last updated
Happening score
H score 0
1 unique sources, 1 articles

Summary

Hide ▲

Microsoft awarded $2.3 million to researchers through Zero Day Quest, turning the contest into a major payout event for cloud and AI security testing. The live event at Microsoft's Redmond campus produced over 80 high-impact findings, including credential exposure, SSRF chains, and cross-tenant access. The program drew nearly 700 submissions from a global research community spanning 20+ countries.

Related Happenings

Pwn2Own Berlin 2026 multi-product zero-days privilege-escalation flaw

Vulnerability
H score40 First: 14.05.2026 21:53 Last: 14.05.2026 21:53 Sources 1

About this happening: **Pwn2Own Berlin 2026** opened with **24 unique zero-days** demonstrated against **fully patched products**, creating immediate exposure across browser, OS, virtualization, enterp...

KongTuke Microsoft Teams initial access campaign

Campaign
H score42 First: 14.05.2026 15:12 Last: 14.05.2026 15:12 Sources 1

About this happening: The **KongTuke** campaign now uses **Microsoft Teams** social engineering to gain persistent access to **corporate networks**, shortening initial compromise to **under five minute...

Microsoft May 2026 Patch Tuesday release

Security Patch Release
H score44 First: 13.05.2026 13:36 Last: 13.05.2026 13:36 Sources 1

About this happening: Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...

Latest development: 01.06.2026 15:30

Belgium's Centre for Cybersecurity warned that CVE-2026-41089 in Windows Netlogon is being actively exploited in the wild after Microsoft patched the stack-based buffer overflow during the May 2026 Patch Tuesday. The flaw affects all currently supported Windows Server versions, including Windows Server 2025, and can let an unauthenticated attacker gain remote code execution on targeted domain controllers.

Microsoft security patch release for CVE-2026-41089

Security Patch Release
H score43 First: 13.05.2026 00:46 Last: 13.05.2026 00:46 Sources 1

About this happening: **Microsoft** and other major software vendors shipped a heavy **May 2026** patch cycle, with fixes spanning **Windows**, **iOS**, **Firefox**, **Oracle** products, and **Chrome**...

Code of conduct-themed Microsoft AiTM phishing campaign

Campaign
H score53 First: 05.05.2026 09:35 Last: 05.05.2026 09:35 Sources 1

About this happening: A **large-scale phishing campaign** used code of conduct-themed lures and **legitimate email services** to push victims to attacker-controlled domains and steal **authentication t...

Timeline

  1. 15.04.2026 19:20 2 articles · 2mo ago

    Microsoft Zero Day Quest $2.3M bounty payout

    Initial Disclosure

    Microsoft paid out **$2.3 million** in Zero Day Quest rewards after the contest drew **nearly 700 submissions**. The 2026 live event centered on authorized testing of **cloud and AI security** in Microsoft's research environment.

    Show sources