Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Russian zero-day broker is willing to pay $20M for zero-day exploits for iPhones and Android devices

A Russian zero-day broker is willing to pay $20 million for zero-day exploits for iPhones and Android mobile devices. The Russian zero-day broker firm Operation Zero is increasing payouts for top-tier mobile exploits. The company is willing to pay up to $20,000,000 for zero-day exploits for iPhone and Android devices. The Russian company pointed out […]

Secret Service seizes a covert communications network near U.N. composed of sophisticated equipment, including 100K SIMs and 300 servers

A Russian zero-day broker is willing to pay $20 million for zero-day exploits for iPhones and Android mobile devices.

The Russian zero-day broker firm Operation Zero is increasing payouts for top-tier mobile exploits. The company is willing to pay up to $20,000,000 for zero-day exploits for iPhone and Android devices.

The Russian company pointed out that the end user for its exploits is a non-NATO country, it also added that decided to increase the payout due to high demand on the market.

“By increasing the premium and providing competitive plans and bonuses for contract works, we encourage the developer teams to work with our platform.” states the company.

Operation Zero was founded in 2022 by Sergey Zelenyuk, a former Kaspersky Lab security researcher. The company specializes in the sale of zero-day exploits to both governmental bodies and private organizations.

Unlike other zero-day brokers, such as Zerodium and Exodus Intelligence, Operation Zero focuses on the Russian market. Operation Zero’s clients include Russian government agencies and private businesses.

In April 2023, Operation Zero announced its expansion into the United Arab Emirates (UAE), seeking to attract new customers in the Middle East, where the surveillance market has exploded.

The Russian firm is also offering:

  • SonicWall NGFW RCE — Up to $200,000
  • FortiGate NGFW RCE — Up to $200,000
  • MS Word RCE — Up to $150,000

0-day exploits for mobile phones are often used by surveillance firms and intelligence agencies.

Zerodium Exploit Acquisition Program is offering up to $2,5 million for zero-click, zero-day flaws in Android devices and up to $2 million for similar zero-day issues affecting iOS devices.

zero-day Android iPhone

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Android)