Zerodium is a premium bug bounty platform created by cybersecurity specialists with zero-day exploit and vulnerability research experience. The goal of Zerodium is to gather together independent security researchers to give institutional clients the most sophisticated and strong cybersecurity capabilities.

Zerodium Process


Zerodium stated today in a brief tweet that it is looking to buy zero-day exploits for vulnerabilities in three prominent virtual private networks (VPN) service providers.

As my colleague, Cezarina, thoroughly explains, a zero-day exploit refers to the method used by attackers to infiltrate and deploy the malware into a system.

Unintentional flaws, as well as programming mistakes in software programs or operating systems, can lead to vulnerabilities. Vulnerabilities generate security gaps that hackers can exploit if they are not fixed.

By routing your internet connection through the provider’s servers, VPN services allow you to disguise your IP address when accessing resources on the internet, as this type of routing makes it more difficult for third parties to trace your online activities, in this way improving your internet privacy.

The vulnerabilities targeting Windows clients for NordVPN, ExpressVPN, and SurfShark VPN services are of special relevance to Zerodium at the moment, as the vulnerability broker announced.

As reported by BleepingComputerZerodium is looking for problems that might expose information about users, their IP addresses, and vulnerabilities that could be exploited to execute malware remotely, but local privilege escalation is one sort of vulnerability that the broker does not want.

Why Does Zerodium Want the Zero-Day Exploits?

The rationale for the exploit broker’s disclosure is unknown, but one possibility is that government customers want a means to detect cybercrime hidden behind VPN services.

Government institutions, especially from Europe and North America, who require advanced zero-day vulnerabilities and cybersecurity skills make up Zerodium’s customer base.

Only a limited number of government clients have access to obtained zero-day research, according to the firm, which is guided by ethics and picks customers based on stringent criteria and screening processes.

Zerodium announced a temporary boost in payouts for Chrome vulnerabilities earlier this year and offered $1,000,000 for remote code execution (RCE) and sandbox escape exploit (SBX).

It’s interesting to note as well that for both mobile and desktop platforms, Zerodium offers payments for any operating system. Windows, macOS, LinuxBSD, iOS, and Android are the most popular.

If you liked this article, follow us on LinkedInTwitterYouTubeFacebookand Instagram to keep up to date with everything we post.

Defining Zero Day Vulnerability

What is a Remote Access Trojan (RAT)?

DNS over HTTPS (DoH) – A Possible Replacement for VPN?

Leave a Reply

Your email address will not be published. Required fields are marked *