Security News

Zerodium Spikes Payout for Zero-Click Outlook Zero-Days
2022-01-28 16:54

Zerodium has jacked up its offering price for Microsoft Outlook zero-day exploits. "We are temporarily increasing our payout for Microsoft Outlook RCEs from $250,000 to $400,000. We are looking for zero-click exploits leading to remote code execution when receiving/downloading emails in Outlook, without requiring any user interaction such as reading the malicious email message or opening an attachment. Exploits relying on opening/reading an email may be acquired for a lower reward." -Zerodium.

Zerodium wants zero-day exploits for Windows VPN clients
2021-10-19 22:40

In a short tweet today, exploit broker Zerodium said that it is looking to acquire zero-day exploits for vulnerabilities in three popular virtual private network service providers on the market. Zerodium's current interest is in vulnerabilities affecting Windows clients for NordVPN, ExpressVPN, and SurfShark VPN services.

Zerodium Offers $100,000 for Pidgin Zero-Day Exploits
2021-06-02 13:05

Exploit acquisition firm Zerodium on Tuesday announced that it is offering $100,000 for severe vulnerabilities in Pidgin for Windows and Linux. On June 1, Zerodium announced that, until August 31, it will be accepting the submission of exploits for unpatched vulnerabilities that affect the latest version of Pidgin on Windows and/or Linux.

Zerodium Offering $300,000 for WordPress Exploits
2021-04-12 11:03

Exploit acquisition company Zerodium announced last week that it's temporarily offering $300,000 for high-impact WordPress exploits. The company typically offers $100,000 for WordPress RCE exploits, the same amount as for Webmin, Plesk, and cPanel/WHM exploits.

Zerodium triples WordPress remote code execution exploit payout
2021-04-09 14:42

Zerodium announced today an increased interest in exploits for the WordPress content management system that achieve remote code execution. The exploit acquisition platform is now enticing exploit developers and sellers with a $300,000 payout, three times more than the regular price.

Zerodium Expects iOS Exploit Prices to Drop as It Announces Surplus
2020-05-14 12:57

Exploit acquisition firm Zerodium announced this week that it's no longer buying certain types of iOS exploits due to surplus, and the company expects prices to drop in the near future. Zerodium said on Twitter it would no longer acquire iOS local privilege escalation, Safari remote code execution, and sandbox escape exploits in the next 2-3 months "Due to a high number of submissions related to these vectors."

'iOS security is f**ked' says exploit broker Zerodium: Prices crash for taking a bite out of Apple's core tech
2020-05-14 10:31

On Wednesday, the software exploit broker said it won't pay anything for some iOS bugs due to an oversupply. Apple's iOS 13 has been particularly buggy, enough that SVP of software engineering Craig Federighi reportedly overhauled the company's internal software testing process to avoid a repeat when iOS 14 arrives later this year.

Zerodium Offers Up to $2.5 Million for Android Exploits
2019-09-04 04:30

Exploit acquisition firm Zerodium announced on Tuesday that it’s offering up to $2.5 million for powerful Android exploits, more than what it’s offering for the same type of exploit on iOS.

Zerodium Offers $500,000 for VMware ESXi, Microsoft Hyper-V Exploits
2019-03-08 07:11

Exploit acquisition firm Zerodium this week announced that it’s prepared to pay up to $500,000 for VMware ESXi and Microsoft Hyper-V vulnerabilities.

Zerodium’s waving fatter payouts for zero-day bug hunters
2019-01-09 12:06

Any chance we could appeal to your conscience and integrity and put in a call for ethical disclosure?