Redazione RHC : 1 August 2025 14:15
Trend Micro’s Zero Day Initiative (ZDI) has announced a reward worthy of a zero-day broker!
An unprecedented $1,000,000 reward is being offered to anyone who can develop a zero-click remote code execution (RCE) exploit against WhatsApp during the 2025 edition of Pwn2Own Ireland.
This record-breaking bounty, co-funded by Meta, marks the largest single prize ever offered in the competition’s history and highlights the crucial importance of protecting the world’s most popular messaging platform.
The collaboration between Meta and Pwn2Own Ireland 2025 marks a step change in big tech’s strategy to incentivize research into the most critical vulnerabilities. With over three billion users, WhatsApp is a prime target for nation-state actors and advanced persistent threat (APT) groups, who aim to compromise it without requiring any user interaction.
The increase in the bounty from last year’s $300,000 demonstrates Meta’s growing commitment to proactively preventing the most sophisticated threats. Specifically, the $1 million reward will be reserved for zero-click exploits capable of achieving complete remote code execution.
Smaller rewards will be available for vulnerabilities that require minimal interaction or only lead to privilege escalation, as specified by the organization. This tiered reward system aims to stimulate research across the app’s entire attack surface, from memory corruption bugs to logic flaws in message handling.
Pwn2Own Ireland 2025 will be held in Cork from October 21st to 24th and will include eight categories reflecting the modern threat landscape. In addition to the messaging category, researchers will be able to test their skills in:
Each categoryrequires realistic exploits, based on network-exposed attack surfaces, RF vectors, or proximity scenarios.
Registration closes at 5:00 PM (Irish time) on October 16, 2025. The order of demonstrations will be determined by random draw. In its 2024 edition, Pwn2Own Ireland awarded vulnerabilities worth a total of $1,066,625, recognizing over 70 unique zero-day exploits.
With Meta’s strategic partnership and the expansion of the competition categories, Pwn2Own Ireland 2025 promises to showcase the most advanced exploit techniques, strengthening global security through responsible vulnerability disclosure.