Security News > 2021 > October > Zerodium wants zero-day exploits for Windows VPN clients
In a short tweet today, exploit broker Zerodium said that it is looking to acquire zero-day exploits for vulnerabilities in three popular virtual private network service providers on the market.
Zerodium's current interest is in vulnerabilities affecting Windows clients for NordVPN, ExpressVPN, and SurfShark VPN services.
BleepingComputer reached out to the three VPN service providers for comment on Zerodium's announcement but did not receive a reply at publishing time.
The reason behind the exploit broker's announcement remains undisclosed but one motive could be that government customers need a way to identify cybercriminal activity hiding behind VPN services.
A more recent example is from the National Security Agency this year, who warned that Russian hackers launched brute-force attacks against Kubernetes servers with their origin concealed through TOR and VPN services, among them Surfshark and NordVPN. The company says that its business is guided by ethics and selects customers based on strict criteria and vetting processes; and that only a small number of government clients have access to acquired zero-day research.
Earlier this year Zerodium announced a temporary payout increase for Chrome exploits.
News URL
Related news
- Lazarus hackers exploited Windows zero-day to gain Kernel privileges (source)
- Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks (source)
- Windows Kernel bug fixed last month exploited as zero-day since August (source)
- Hackers exploit Windows SmartScreen flaw to drop DarkGate malware (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Telegram fixes Windows app zero-day caused by file extension typo (source)
- Telegram fixes Windows app zero-day used to launch Python scripts (source)
- Exploit code for Palo Alto Networks zero-day now public (source)
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA (source)
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA (source)