Security News > 2021 > October > Zerodium wants zero-day exploits for Windows VPN clients

In a short tweet today, exploit broker Zerodium said that it is looking to acquire zero-day exploits for vulnerabilities in three popular virtual private network service providers on the market.

Zerodium's current interest is in vulnerabilities affecting Windows clients for NordVPN, ExpressVPN, and SurfShark VPN services.

BleepingComputer reached out to the three VPN service providers for comment on Zerodium's announcement but did not receive a reply at publishing time.

The reason behind the exploit broker's announcement remains undisclosed but one motive could be that government customers need a way to identify cybercriminal activity hiding behind VPN services.

A more recent example is from the National Security Agency this year, who warned that Russian hackers launched brute-force attacks against Kubernetes servers with their origin concealed through TOR and VPN services, among them Surfshark and NordVPN. The company says that its business is guided by ethics and selects customers based on strict criteria and vetting processes; and that only a small number of government clients have access to acquired zero-day research.

Earlier this year Zerodium announced a temporary payout increase for Chrome exploits.

News URL

https://www.bleepingcomputer.com/news/security/zerodium-wants-zero-day-exploits-for-windows-vpn-clients/