Imagine a world where your car’s entertainment system, charging station, or even its operating system could be hijacked by hackers in seconds. Sounds like a sci-fi nightmare, right? But that’s exactly what’s happening right now at Pwn2Own Automotive 2026, where security researchers are exposing vulnerabilities in the technology we trust every day. On the second day alone, these white-hat hackers exploited a staggering 29 zero-day vulnerabilities, earning them a cool $439,250 in cash prizes. And this is just the tip of the iceberg.
Held in Tokyo, Japan, from January 21 to 23, this annual hacking contest is part of the Automotive World conference (https://www.automotiveworld.jp/tokyo/en-gb.html). Here, experts target fully patched systems like electric vehicle (EV) chargers, in-vehicle infotainment (IVI) systems, and car operating systems such as Automotive Grade Linux. But here’s where it gets controversial: while these exploits highlight critical weaknesses, they also raise questions about how prepared automakers are to protect our vehicles from real-world attacks.**
Leading the charge is Fuzzware.io, which has dominated the leaderboard with $213,000 in earnings after just two days. They’ve successfully hacked devices like the Phoenix Contact CHARX SEC-3150 charging controller, the ChargePoint Home Flex EV charger, and the Grizzl-E Smart 40A EV charging station, pocketing an additional $95,000. Not far behind is Sina Kheirkhah of Summoning Team, who earned $40,000 for rooting devices like the Kenwood DNR1007XR navigation receiver and the Alpine iLX-F511 multimedia receiver. Rob Blakely and Hank Chen also took home $40,000 each for their exploits targeting Automotive Grade Linux and the Alpitronic HYC50 charging station.
By the end of day two, researchers had collectively earned $955,750 by exploiting 66 zero-day vulnerabilities. And this is the part most people miss: these aren’t just theoretical risks—they’re real flaws that could be exploited by malicious actors if left unpatched. On day three, teams like Slow Horses of Qrious Secure and PetoWorks will continue the battle, targeting devices like the Grizzl-E Smart 40A and the Alpitronic HYC50.
Looking back, the stakes have only grown higher. In 2025, hackers earned $886,250 for exploiting 49 zero-days, while in 2024, they raked in $1.3 million and even hacked a Tesla—twice. Here’s the kicker: vendors have just 90 days to patch these flaws before they’re publicly disclosed by TrendMicro’s Zero Day Initiative. Are automakers moving fast enough to keep up?
As we dive into budget season, the 2026 CISO Budget Benchmark (https://www.wiz.io/reports/ciso-security-budget-benchmark-2026?utmsource=bleepingcomputer&utmmedium=display&utmcampaign=FY26Q3INBFORM2026-CISO-Budget-Benchmark-Report&sfcid=701Py00000TCR5YIAX&utmterm=FY26Q4-bleepingcomputer-article-ad&utmcontent=2026-CISO-Budget) offers a glimpse into how over 300 security leaders are prioritizing their spending. With insights on strategies and emerging trends, it’s a must-read for anyone navigating the complex world of cybersecurity in 2026.
Thought-provoking question for you: As vehicles become smarter and more connected, are we doing enough to secure them? Or are we racing toward a future where our cars could be the next big cybersecurity battleground? Let’s discuss in the comments!
