Latest Announcements

ZERODIUM is always improving its bug bounty program and payouts, and constantly expanding the list of eligible software. Our latest announcements and bounties can be found below:

Sep. 19, 2018 - We are acquiring pre-authentication RCE exploits affecting the following Routers: ASUS, Cisco, D-Link, Linksys, MikroTik, Netgear, TP-Link, and Ubiquiti. Exploits leading to authentication bypass or credentials disclosure are also accepted. Exploits relying on XSS or CSRF are not eligible.

Sep. 13, 2018 - ZERODIUM increases the payouts for various products including Chrome, WordPress, Apache, and many others, and adds new entries to the program: nginx, Exim, WinRAR, 7-Zip, WinZip, cPanel, Webmin, Plesk, NetBSD, OpenBSD, and FreeBSD.

Aug. 23, 2018 - We are currently paying up to $100,000 for code execution exploits affecting major file archivers: WinRAR, 7-Zip, WinZip (on Windows 10/8.1) or tar (on Linux). The exploit must rely on a common file archive format/extension and must have a reasonable file size. Valid until Oct. 31st, 2018.