Redazione RHC : 22 August 2025 16:51
Advanced Security Solutions, based in the United Arab Emirates, was founded this month and is offering up to $20 million for zero-day vulnerabilities and exploits that would allow anyone to hack a smartphone via SMS. This is one of the highest figures for any 0day broker, at least among those that disclose it publicly.
In addition to $20 million for exploits of any mobile operating system, the company is also offering large rewards for zero-day vulnerabilities in other software:
It is unclear who is behind the company and who its customers are.
“We help government agencies, intelligence agencies, and law enforcement conduct precision operations on the digital battlefield,”the Advanced Security Solutions website states. “We actively collaborate with over 25 governments and intelligence agencies worldwide. Our customers consistently return for new services, demonstrating the trust and strategic value we provide in critical operational environments, including counterterrorism and counternarcotics.”
The website states They also noted that, despite the company’s newness, it employs “only professionals with over 20 years of experience in elite intelligence units and private military contractors.”
One of the first players in this field was Zerodium, which emerged in 2015. At the time, the company, created by Vupen co-founder Chaouki Bekrar, offered up to $1 million for iPhone hacking tools.
Three years later, in 2018, Crowdfense launched its own platform for purchasing vulnerabilities and exploits, offering up to $3 million for similar zero-days.
Zero-day prices have risen in recent years, partly due to increased demand and partly because modern devices and software are becoming increasingly difficult to hack thanks to improved security.
Thus, last year Crowdfense released a new price list, offering up to $7 million for zero-day vulnerabilities on iPhone and up to $5 million for similar exploits on Android. Zero-day vulnerabilities in specific applications have also started to cost significantly more. For example, up to $8 million for exploits on WhatsApp and iMessage and up to $4 million for Telegram.
For comparison, Advanced Security Solutions offers up to $2 million for exploits for Telegram, Signal, and WhatsApp.
It’s also worth noting that earlier this year, the Russian vulnerability broker Operation Zero became an outlier on the market, offering up to $20 million for the same types of exploits that Advanced Security Solutions is now seeking.
Zero-day brokers are intermediaries specializing in the buying and selling of computer vulnerabilities unknown to the public and software vendors, known as zero-days. These security flaws, not yet documented or patched, represent enormous value in the cyber market, as they allow the development of exploits capable of bypassing the defenses of the most widely used systems. Brokers operate like true merchants: they purchase vulnerabilities from independent researchers, hackers, or criminal groups, and then resell them to interested parties, ranging from governments and intelligence agencies to security companies or, in less legitimate cases, cybercriminals.
The zero-day broker market operates in a gray area, where the line between legal and illegal is often very thin. Some brokers operate in legal environments, collaborating with states or companies that use this information to develop defenses and strengthen security. Others fuel cybercrime by reselling exploits to ransomware groups, black markets, or state actors who use them for espionage or cyber warfare. Precisely because of their significant impact on global security, zero-day brokers are among the most discussed and controversial players in the cyber threat ecosystem.
Redazione