A Well-Known Bug Bounty Platform Wants Zero-day Exploits for Windows VPN Clients

Zerodium is a premium bug bounty platform created by cybersecurity specialists with zero-day exploit and vulnerability research experience. The goal of Zerodium is to gather together independent security researchers to give institutional clients the most sophisticated and strong cybersecurity capabilities.


Zerodium stated today in a brief tweet that it is looking to buy zero-day exploits for vulnerabilities in three prominent virtual private networks (VPN) service providers.

We’re looking for #0day exploits affecting VPN software for Windows:

– ExpressVPN
– NordVPN
– Surfshark

Exploit types: information disclosure, IP address leak, or remote code execution. Local privilege escalation is out of scope.

Contact us: https://t.co/R6E2CVU9K3

— Zerodium (@Zerodium) October 19, 2021

As my colleague, Cezarina, thoroughly explains, a zero-day exploit refers to the method used by attackers to infiltrate and deploy the malware into a system.

Unintentional flaws, as well as programming mistakes in software programs or operating systems, can lead to vulnerabilities. Vulnerabilities generate security gaps that hackers can exploit if they are not fixed.

By routing your internet connection through the provider’s servers, VPN services allow you to disguise your IP address when accessing resources on the internet, as this type of routing makes it more difficult for third parties to trace

Read More: https://heimdalsecurity.com/blog/a-well-known-bug-bounty-platform-wants-zero-day-exploits-for-windows-vpn-clients/