Pwn2Own Automotive 2026 set a new record with 76 unique zero-day vulnerabilities discovered, exposing the rapidly expanding attack surface across SDVs, IVI systems, and EV charging infrastructure. The final day crowned Fuzzware.io as Master of Pwn 2026, with 28 Master of Pwn points.
Day 2 delivered 29 new zero-days, pushing the total to a record 66. Researchers repeatedly compromised Level 2/3 EV chargers and IVI systems using practical flaws like exposed interfaces and command injection. The takeaway: automotive and charging infrastructure attacks are now repeatable at scale—shifting cyber risk from theoretical to immediate operational impact.
Pwn2Own Automotive 2026 Day 1 opened with record-breaking momentum, with researchers successfully compromising infotainment systems, EV chargers, and Tesla interfaces—highlighting how expansive today’s automotive attack surface has become. The surge in entries and chained exploits confirms a clear shift: in the SDV era, automotive cyber risk is no longer isolated to the vehicle, but systemic across the entire ecosystem.
Pwn2Own Automotive 2026 exposes critical zero-day vulnerabilities in software-defined vehicles before they escalate into real-world business and operational risk. By ensuring zero-day vulnerabilities move from exposure to resolution, the event transforms discovery into Automotive Foresight—helping organizations stay ahead of risk before it reaches the road.
We analyze the multiple zero-day vulnerabilities discovered in popular aftermarket automotive devices, map them to the Automotive Threat Matrix, and illustrate how attackers could exploit these critical flaws in real-world scenarios.
An analysis of the recent immobilization incident affecting a luxury car brand: what happened, what likely didn’t, and how car manufacturers can prevent anti-theft systems from compromising vehicle availability and safety.
We examine the electric vehicle (EV) charging communication vulnerabilities revealed at the recent DEF CON 33, highlighting their mitigations and broader industry impacts.
We examine the vulnerabilities discovered in an EV charger during Pwn2Own Automotive to reveal where EVSE cybersecurity standards fall short and why stronger, unified measures are critical for securing the charging infrastructure.
Euro 7 links emissions integrity to cybersecurity. In this blog, we show how a differentiated, tiered TARA provides a practical path to compliance with Euro 7’s anti-tampering mandates through minimal updates to existing UN R155 frameworks.
VicOne and the American Center for Mobility (ACM) examine the evolving threat landscape of electric vehicle supply equipment (EVSE) and outline strategies to secure the grid edge.
This blog explores how RAMN, especially when paired with the CARLA simulator, enables secure, hands-on experimentation and simulation in automotive embedded systems and cybersecurity research.
VicOne shares key insights from its Q3 2025 Situational Awareness Report on cybersecurity in the automotive, transportation, and logistics sectors.
We examine one of the challenges at the SPIRITCYBER Automotive CTF 2025, where a simulated CAN injection attack exposes security gaps in modern connected vehicles.