ZERODIUM is always improving its bug bounty program and payouts, and constantly expanding the list of eligible software. Our latest announcements and bounties can be found below:
July 15, 2019 - We are paying $100,000++ for MikroTik router zero-days leading to pre-authentication RCE, or authentication bypass, or credentials disclosure. The exploit must work with the latest versions of RouterOS for one or more architectures (X86, ARM, MIPS).
May 8, 2019 - We are currently acquiring Secure Bootloader (S-Boot) exploits for Samsung Galaxy S10(+)/S9(+) allowing (through physical access) arbitrary code execution, security bypass, or sensitive data access. Only models with Exynos SoC are within our scope.
Mar. 5, 2019 - ZERODIUM is currently paying up to $500,000 for Microsoft Hyper-V or VMWare ESXi zero-day exploits allowing Guest-to-Host escapes. The exploit must work with default configurations, be fully reliable, and lead to a privileged access to the host system.