@DarkWebInformer I wounder why they don't cotact #zerodium and get some #Monero that way?

@metacurity espechally since #Zerodium and other #ExploitBrokers propably offers double that, paid in #Monero, no questions asked.

@ip6li@mastodon.social @SchreibeEinfach nickt zustimmend IMHO verdient @Lilith nen #Bundesverdienstkreuz denn die hätte viel weniger Stress wenn diese statt "#ResponsibleDisclosure" jene Lücken gegen #Monero an #ExploitHändler wie #Zerodium verkauft hätte.

• Glücklicherweise hat Sie Prinzipien…

@dbof Their "friction" is mere lazyness to distribute the Secret Key among their devs.

And if #JitsiMeet devs can't be assed to do something that trivial then maybe folks who want to stay anonymous won't contact them, but instead send their exploit in a #PGP/MIME-encrypted eMail to #Zerodium where they get paid in #XMR with no questions asked.

• IOW: If they make it hard to do "the right thing" then people won't do it.

I asked on behalf of a friend who wanted to stay anonymous and doesn't have a #GitHub or #HackerOne account and can't signup to either due to unacceptable #ToS.

• If that's outside of their imagination then maybe they are unfit to debelop and maintain such a software...

#rant #ITsec #InfoSec #OpSec #ComSec #ResponsibleDisclosure

@jerry Combined data from Google's Threat Analysis Group (TAG) and Mandiant shows 97 zero-day vulnerabilities were exploited in 2023; a big increase over the 62 zero-day vulnerabilities identified in 2022, but still less than 2021's peak of 106 zero-days.
#zero day trends #cve #zerodium

@lunch So you just admitted that you vomitted #FUD into my mentions without evidence?

If you're so smart, then why don't you sell your #exploit / #ProofOfConcept / #Whitepaper to the highest bidder?

• I'm shure #Zerodium and all the LEAs would try to outbid each other...

Alas, your messages are just hot air, and not substantiated by anything...

At best your info is 2+ years outdated...

📬 Zero-Day-Exploits immer teurer: Unternehmen schützen ihre Produkte besser
#ITSicherheit #Crowdfense #HackerAngriff #Hacking #Schwarzmarkt #SpywareBranche #ZeroDayExploit #Zerodium https://sc.tarnkappe.info/5c6bdb

@thijs usually that should be written in the #ResponsibleDisclosure terms & conditions.

Exploit dealers like #Zerodium are able and willing to pay #Monero :monero: and just send #XMR to a wallet of choosing.

Others may offer cash-on-delivery or a cheque to redeem at a bank...

Again: This should've been thought of beforehand!

Personally I'd do offer payment using XMR if I had any bounties to fulfil, but that's just me...

Maybe ask @ChickenPwny what's prefered?

@north olease let me know.if they start #ShootungTheMessenger so others can spare the time and effort to contact them and just sell the code to #Zerodium and other #exploit buyers...

Is there an ethical (or less evil) alternative to #zerodium ? #zeroday #infosec

@GossiTheDog He doesn't outlaw #Govware tho, thus only upsetting control-freaks too lazy to use #Microsoft365's Dashboard, but not even discomforting #NSO and #Zerodium as #Cybermercenaries For Hire...

@amuse @k8em0 Personally, I'm not a fan of "coordinated" vulnerability disclosure.

In fact I think that #Google's #ProjectZero approach is more than graceful enough.

Big #CCSS vendors like #Microsoft should be glad if someone chooses to look up the security.txt and contact them with details and not straight-up sell an exploit to #Zerodium and other #Govware - #Suppliers, cuz those pay better and ask fewer questions.

Alledgedly, Russia-based OpZero went on the record recently with a $1.5 million offer for Signal remote code execution (RCE) exploits, more than tripling the relatively stable high-water mark for that app offered by American firm #Zerodium.…https://lnkd.in/eaPYZfPr

#PHP 、不正なコミット発生を受けてリポジトリをGitHubへ移行 | スラド セキュリティ
https://security.srad.jp/story/21/03/30/1643234/

#Zerodium （´・ω・） ｶﾜｲｿｽ

"La sécurité #iOS est foutue [...] Gageons qu' #iOS14 sera meilleur" : quand le dirigeant de #Zerodium accule #Apple !

https://blog.sosordi.net/2020/05/la-securite-ios-est-foutue-gageons-quios14-sera-meilleur-quand-le-dirigeant-de-zerodium-accule-apple.html

#securite #0day

Android Zero-Days Now Worth More Than iPhone Exploits - Exploit broker Zerodium has implemented a $2.5 million price tag for a zero-click 0-day in Android... more: https://threatpost.com/android-zero-days-worth-more-iphone-exploits/147981/ #globalcyberweaponsmarket #vulnerabilities #workingexploits #androidzeroday #bountypayouts #exploitvalue #zerodium #payouts #apple

Earn $2.5 million if you find a remote zero-day exploit for Android - A vulnerability broker is offering up to $2.5 million for zero-day remote exploits which would all... more: https://www.grahamcluley.com/earn-2-5-million-if-you-find-a-remote-zero-day-exploit-for-android/ #vulnerability #zerodium #android #malware #privacy

Les jailbreaks distants d’iOS, ça peut rapporter 2 millions de dollars #zdnet https://www.zdnet.fr/actualites/les-jailbreaks-distants-d-ios-ca-peut-rapporter-2-millions-de-dollars-39879053.htm #zerodium