Redazione RHC: 19 July 2025 09:41
Zeroday brokers are intermediaries who buy and sell software vulnerabilities that are unknown to the manufacturers and organizations that use them.
These vulnerabilities, known as “zerodays,” are exploited by cybercriminals to attack companies’ computer systems and networks. Zeroday brokers seek to profit by selling these vulnerabilities to governments, intelligence agencies, corporations, and other organizations, who use them to develop hacking tools and conduct surveillance.
In this article, we’ll understand the phenomenon of zeroday brokers, why it’s gaining popularity, and the dangers of this model in a digitally globalized world.
Trading zeroday vulnerabilities is a highly controversial practice and raises ethical questions about cybersecurity. Many cybersecurity experts argue that buying and selling vulnerabilities doesn’t make the digital world more secure, but rather increases its risk, as these tools can end up in the wrong hands.
Zeroday brokers act as intermediaries: they purchase these vulnerabilities from the security researchers or other individuals who discover them, and then sell them to governments, intelligence agencies, security firms, and other interested entities.
Purchasing a zero-day vulnerability can be very expensive, as it is a very powerful weapon for an attacker. Zeroday brokers can make a lot of money in this market because the supply of zero-day vulnerabilities is limited and clients are willing to pay very high prices for access to these vulnerabilities.
There are several reasons why a security researcher might choose to provide a zeroday to a broker rather than the product vendor:
However, it’s important to note that selling a vulnerability to a zeroday broker can also pose risks, such as the broker potentially spreading the vulnerability or engaging in illegal activity.
Therefore, security researchers should carefully evaluate their options before deciding to sell a vulnerability to a zeroday broker.
As we’ve reported, zeroday brokers can resell zero-day vulnerabilities to governments, intelligence agencies, or other interested organizations. These organizations could use the vulnerabilities to conduct intelligence operations or develop hacking tools for remote access to target systems.
In some cases, intelligence agencies could also use the vulnerabilities to compromise the systems of foreign organizations for intelligence purposes, economic espionage, or to support military operations.
In fact, companies that develop intelligence systems (such as NSO Group, which has been widely discussed in connection with the Pegasus malware) can acquire zerodays from brokers in various ways. In some cases, the companies themselves may contact brokers directly to purchase the rights to a specific zeroday, which they can then use to improve their own products or sell to their own customers. In other cases, brokers may approach companies directly and offer them the zerodays they’ve collected.
It’s important to note that many of these practices occur in a gray area of legality and morality, as zerodays can be used for controversial purposes, such as mass surveillance or violating user privacy.
It is not appropriate to reference or promote specific zeroday brokers: as we’ve seen, the acquisition and sale of zeroday vulnerabilities can pose a threat to cybersecurity. Furthermore, many zeroday brokerage activities are suspicious and may violate cybersecurity laws or human rights. Media reports have, however, indicated the existence of several well-known zeroday brokers, including Zerodium, Exodus Intelligence and Vupen Security.
Zero-day exploits are used by intelligence and spyware companies to improve their products, which are then resold to governments that use them to monitor specific devices. Zero-click exploits are particularly sought after because they allow spyware to be installed on a device without any user interaction.
For example, zero-day exploits can be used to monitor phone conversations and text messages, gather information about online activity, access sensitive files, steal login credentials, and much more. All this happens without the target noticing the intrusion.
This type of activity can be carried out for various purposes, including gathering information on specific individuals, preventing threats to national security, or fighting terrorism. However, the use of zero-days is often debated, as it raises questions about privacy and the legality of surveillance activities.
In conclusion, zero-day brokers are companies that specialize in buying and selling cyber vulnerabilities unknown to software vendors. While these brokers can sell vulnerabilities to those who use them for malicious purposes, many of their clients have been described as governments and intelligence agencies that seek to protect their countries by discovering exploitable cyber vulnerabilities.
The nature of these brokers, however, raises many concerns about user security and privacy, as exploited vulnerabilities can cause irreparable damage. Furthermore, zeroday trading raises ethical questions about the use of cybersecurity and the responsibility of governments and companies to protect users.
For this reason, many cybersecurity experts are working to develop safer and more transparent methods for disclosing vulnerabilities to better protect users and prevent malicious use of zerodays.