The inaugural Zeroday Cloud competition brought together top security researchers to test the defenses of the world’s most prominent cloud environments. Organized by Wiz Research in collaboration with Amazon Web Services, Microsoft, and Google Cloud, the event aimed to proactively identify and patch high-risk vulnerabilities. Throughout the intensive sessions, participants maintained an impressive 85% success rate across thirteen different hacking attempts. Their efforts led to the discovery of eleven zero-day vulnerabilities, providing the industry with vital information to secure infrastructure used by millions of businesses globally.
Financial rewards were distributed quickly as researchers demonstrated the severity of their findings. On the first day alone, $200,000 was awarded for the successful exploitation of popular tools including Redis, PostgreSQL, Grafana, and the Linux kernel. The second day saw an additional $120,000 in prizes for exploits targeting MariaDB and further vulnerabilities in database systems. These successes were particularly notable because these databases are frequently used by cloud services to house sensitive data such as user credentials and private secrets.
GET 50% Discount for VPN/ANTIVIRUS SOFTWARE AT 911Cyber - CODE: bit5025
One of the most significant moments of the competition involved a container escape flaw in the Linux kernel. This specific vulnerability allowed attackers to bypass the isolation barriers that keep different cloud customers, or tenants, separated from one another. Since tenant isolation is a fundamental pillar of cloud security, the demonstration of this flaw emphasized the potential for a single compromised account to impact an entire shared server environment. While most attempts were successful, the event also tested the security of Artificial Intelligence models like vLLM and Ollama. Although these attempts to expose private AI datasets failed due to time constraints, they signaled a growing focus on the security of AI integrations in the cloud.
Among the participants, teams from cybersecurity firms Zellic and DEVCORE were recognized with $40,000 for their technical achievements. The competition also sparked intense interest in how modern cloud configurations handle administrative access and data encryption. By providing a controlled environment for these attacks, the organizers ensured that the vulnerabilities could be disclosed responsibly and patched before malicious actors could exploit them in the wild.
The event concluded with Team Xint Code being named the overall champion for their consistent performance across multiple categories. By successfully compromising Redis, MariaDB, and PostgreSQL, the team secured $90,000 of the total prize pool. The findings from the Zeroday Cloud competition serve as a reminder of the ongoing arms race between security professionals and cyber threats, underscoring the necessity of collaborative bug hunting to protect global digital infrastructure.
Source: Zeroday Cloud Hacking Event Rewards 320000 For 11 Zero Day Vulnerabilities
The kernel container escape finding is probably the most critical result here. The 85% success rate across attacks shows these aren't edge cases but systemic issues in how multi-tenant isolation is implemented. What's interesting is the failure on AI model exploits - it suggests either these systems have better input sanitization or the attack surface is just less understood right now. From my experience pentesting cloud infra, the issue isn't usually the vulnerability itself but the blast radius once you're in. A single Redis or PostgreSQL exploit in a shared environment can cascade fast if lateral movemnet controls arent tight. The $320k payout is good PR but feels low considering the potential cost of these vulns in production. Would be useful to see how long patching took after disclosure.