CVE-2024-11518

creationtimestamp| type| source ---|---|--- 2024-11-21 05:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-24-1596/...

Zero-Day Marketplace Explained: How Zerodium, BugTraq, and Fear contributed to the Rise of the Zero-Day Vulnerability Black Market

Whenever a company is notified about or discovers a critical flaw in their system/application that has the potential to be exploited by malicious elements, it’s termed a vulnerability. However, every time a flaw being actively exploited is discovered, code red is punched as the organization’s IT...

PHP Zerodium Backdoor

An attacker might upload a web shell backdoor to a PHP server via zerodium prefix. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks...

Zerodium Spikes Payout for Outlook Zero-Days

Zerodium has jacked up its offering price for Microsoft Outlook zero-day exploits. Act fast if you have the goods and the moral equanimity, to make up to $400,000 for a zero-click, remote code-execution RCE exploit. “Zero-click” means that targets neither have to read a malicious email message no...

U.S. Ban on Sales of Cyberattack Tools Is Anemic, Experts Warn

The launch of a standing offer to pay for Windows virtual private network VPN software zero-day exploits came to light this week, even as the U.S. mulls new regulations on the export of tools that could be used in cyberattacks against the U.S. or its interests. The developments signal that the U....

PHP's Git Server Hacked to Insert Secret Backdoor to Its Source code

In yet another instance of a software supply chain attack, unidentified actors hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a secret backdoor into its source code. The two malicious commits were pushed to the self-hosted "php-src"...

Google offers up to $1.5 million bounty for remotely hacking Titan M chip

With its latest announcement to increase bug bounty rewards for finding and reporting critical vulnerabilities in the Android operating system, Google yesterday set up a new challenging level for hackers that could let them win a bounty of up to $1.5 million. Starting today, Google will pay $1...

Zerodium to pay up to $2.5 million for reporting 0-day Android exploits

By Uzair Amir Zero-Day Android exploits are now more valuable then iOS exploits. This is a post from HackRead.com Read the original post: Zerodium to pay up to $2.5 million for reporting 0-day Android exploits...

Android Zero-Days Now Worth More Than iPhone Exploits

An Android zero-day exploit is now worth more than one for the iPhone on the global cyberweapons market. Exploit acquisition vendor Zerodium said Tuesday that it is willing to pay a whopping $2.5 million for a zero-click Android zero-day with persistence. That number significantly increases the...

Exploit Reseller Offering Up To $2.5 Million For Android Zero-Days

Well, there's some good news for hackers and vulnerability hunters, though terrible news for Google, Android device manufacturers, and their billions of users worldwide. The zero-day buying and selling industry has recently taken a shift towards Android operating system, offering up to $2.5 milli...

Google Triples Some Bug Bounty Payouts

Google is upping the ante for its Chrome bug bounty rewards program, doubling payouts from $15,000 to $30,000 for “high-quality” reports. It is also tripling baseline payouts for Chrome to $15,000. The bug-bounty pay raise is part of Google’s Chromium open-source project, which supplies the vast...

'Chaos' iPhone X Attack Alleges Remote Jailbreak

A Chinese security researcher has published what he claims is a proof-of-concept exploit that would allow a remote attacker to jailbreak an iPhoneX, unbeknownst to the user – allowing them to gain access to a victim’s data, processing power and more. Qixun Zhao of Qihoo 360 built the exploit, whi...

Zerodium is paying $2 million for Apple iOS remote jailbreak

By Waqas Zerodium, an infosec and premium zero-day acquisition platform known for selling zero-day exploits to governments has announced that it will be paying a huge amount of money to buy iOS remote jailbreak and exploits related to WhatsApp, iMessage, or SMS/MMS. See: Zerodium uses Twitter to...

Zerodium Offers to Buy Zero-Day Exploits at Higher Prices Than Ever

Well, there's some good news for hackers and vulnerability hunters, though terrible news for tech manufacturers! Exploit vendor Zerodium is now willing to offer significantly higher payouts for full, working zero-day exploits that allow stealing of data from WhatsApp, iMessage and other online ch...

Zerodium Raises Zero-Day Payout Ceiling to $2M

Exploit acquisition vendor Zerodium said Monday that it is upping its payouts for full, working exploits across its entire program. It’s now paying $2 million for remote iOS jailbreaks, $1 million for WhatsApp/iMessage/SMS/MMS remote code-execution RCE and a half-million for Google Chrome RCEs. T...

Security firm uses Twitter to disclose critical zero-day flaw in Tor Browser

By Waqas Zerodium, an infosec and premium zero-day acquisition platform tweeted about the flaw in Tor browser on Monday. The infamous exploit vendor and buyer/seller of popular software vulnerabilities, Zerodium has revealed a critical flaw in Tor browser software. According to a tweet posted by...

Tor Browser Zero-Day Exploit Revealed Online – Patch Now

Zerodium, the infamous exploit vendor that earlier this year offered $1 million for submitting a zero-day exploit for Tor Browser, today publicly revealed a critical zero-day flaw in the anonymous browsing software that could reveal your identity to the sites you visit. In a Tweet, Zerodium share...

Zerodium Offering $1M for Tor Browser Zero Days

The exploit acquisition vendor Zerodium is doubling down again. Weeks after the company said it would pay $500,000 for zero days in private messaging apps such as Signal and WhatsApp, Zerodium said Wednesday it will pay twice that for a zero day in Tor Browser. The company said it will pay up to ...

Zerodium Offers $1 Million for Tor Browser 0-Days That It will Resell to Governments

It seems like Tor Browser zero-day exploits are in high demand right now—so much so that someone is ready to pay ONE MILLION dollars. Zerodium—a company that specialises in acquiring and reselling zero-day exploits—just announced that it will pay up to USD 1,000,000 for working zero-day exploits...

On the S3 Leaks, Zerodium's Messaging App Bounties, ROPEMAKER, and More

Mike Mimoso and Chris Brook discuss the news of the week, including the recent AWS S3 leaks, Zerodium’s bounty on secure messaging app zero days, Ropemaker, and cobot vulnerabilities. Download: ThreatpostNewsWrapAugust252017.mp3 Music by Chris Gonsalves Show notes: Industrial Cobots Might Be The...