Security News > 2021 > October > Zerodium wants zero-day exploits for Windows VPN clients
In a short tweet today, exploit broker Zerodium said that it is looking to acquire zero-day exploits for vulnerabilities in three popular virtual private network service providers on the market.
Zerodium's current interest is in vulnerabilities affecting Windows clients for NordVPN, ExpressVPN, and SurfShark VPN services.
BleepingComputer reached out to the three VPN service providers for comment on Zerodium's announcement but did not receive a reply at publishing time.
The reason behind the exploit broker's announcement remains undisclosed but one motive could be that government customers need a way to identify cybercriminal activity hiding behind VPN services.
A more recent example is from the National Security Agency this year, who warned that Russian hackers launched brute-force attacks against Kubernetes servers with their origin concealed through TOR and VPN services, among them Surfshark and NordVPN. The company says that its business is guided by ethics and selects customers based on strict criteria and vetting processes; and that only a small number of government clients have access to acquired zero-day research.
Earlier this year Zerodium announced a temporary payout increase for Chrome exploits.
News URL
Related news
- LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers (source)
- New Mirai botnet targets industrial routers with zero-day exploits (source)
- Security pros baited with fake Windows LDAP exploit traps (source)
- Zero-day exploits plague Ivanti Connect Secure appliances for second year running (source)
- Zero-Day Vulnerability in Ivanti VPN (source)
- Nominet probes network intrusion linked to Ivanti zero-day exploit (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet (source)
- Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025 (source)
- Microsoft Will Remove the Free VPN That Comes With Windows Defender Soon (source)