"Tianfu Cup was launched as an alternative to the Zero Day Initiative's Pwn2Own competition, which regularly pays out more than $1 million to white hat hackers who demonstrate critical vulnerabilities in consumer and enterprise hardware and software, industrial control systems, and automotive products. Tianfu Cup made headlines in 2021, when participants earned a total of $1.9 million for exploits targeting Windows, Ubuntu, iOS, Microsoft Exchange, Chrome, Safari, Adobe Reader, Asus routers, and various virtualization products."
"After a two-year hiatus in 2024 and 2025, the Tianfu Cup returned in 2026, but again little information has been made public. The event took place January 29-30. According to threat intelligence firm Natto Thoughts, the hacking competition is now organized by China's Ministry of Public Security (MPS) and it appears to be even more secretive. Eugenio Benincasa, an ETH Zurich cybersecurity researcher focusing on China, pointed out in a Natto Thoughts blog post that the MPS announced the Tianfu Cup on January 16."
Tianfu Cup returned in 2026 under increased government oversight and limited transparency. The competition originated as an alternative to Pwn2Own and previously paid large bounties, including $1.9 million in 2021 for exploits across major operating systems, browsers, enterprise software, and virtualization. The event paused in 2022, returned in 2023 with a domestic-product focus, and then paused again in 2024–2025. The 2026 event occurred January 29–30 and was reportedly organized by China's Ministry of Public Security, with public-facing materials removed, the site restricted to domestic visitors, and target lists obtained by researchers before removal.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]