Close Menu
TechTost
  • AI
  • Apps
  • Crypto
  • Fintech
  • Hardware
  • Media & Entertainment
  • Security
  • Startups
  • Transportation
  • Venture
  • Recommended Essentials
What's Hot

New Google ad imagines a Declaration of Independence written with the help of artificial intelligence

What is Mistral AI? Everything you need to know about the OpenAI competitor

Podcasting platform Riverside is getting into the newsletter game

Facebook X (Twitter) Instagram
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer
Facebook X (Twitter) Instagram
TechTost
Subscribe Now
  • AI

    What is Mistral AI? Everything you need to know about the OpenAI competitor

    4 July 2026

    Anthropic is discussing a new custom chip with Samsung

    3 July 2026

    Jersey Mike’s IPO shows just how bad the AI ​​hype has gotten

    3 July 2026

    OpenAI proposed donating 5% of its equity to a US sovereign wealth fund

    2 July 2026

    SpaceX has a prototype AI device, and it sure sounds like a phone

    2 July 2026
  • Apps

    Podcasting platform Riverside is getting into the newsletter game

    4 July 2026

    Threads adds new features to Live Chats as it expands access

    4 July 2026

    Travel app Hopper to pay $35 million in FTC settlement over ‘unfair’ hidden fees

    3 July 2026

    Meta quietly launches vibe-encoded Pocket gaming app

    3 July 2026

    Popular TV-watching app TV Time is shutting down as the company focuses on artificial intelligence

    2 July 2026
  • Crypto

    Venice AI goes unicorn with $65M Series A as first privacy AI platform takes off

    1 July 2026

    Crypto Exchange OKX wants AI agents to hire and pay each other

    30 June 2026

    Startup Battlefield 200 applications close today

    27 May 2026

    5 days left: Save up to $410 on Disrupt 2026 passes

    25 May 2026

    As crypto cools, a16z crypto raises $2.2 billion in capital

    6 May 2026
  • Fintech

    India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

    28 June 2026

    Early Bird pricing ends tonight for the Founder Summit

    26 June 2026

    4 days left to save up to $190 on Founder Summit 2026

    23 June 2026

    Robinhood’s note on 10% layoffs shows that blaming AI doesn’t cut it

    17 June 2026

    Anthropic’s latest spat with the Trump administration may actually help it, sales figures suggest

    17 June 2026
  • Hardware

    IQM, Europe’s first public quantum company, admits that the future of the technology is uncertain

    3 July 2026

    Thiel Capital’s Jack Selby commits stakes in hot startups like Etched through Arizona connections

    3 July 2026

    Ashton Kutcher is leaving Sound Ventures to start a new VC firm with Morgan Beller

    2 July 2026

    Flipper’s new Busy Bar is a customizable display for productivity

    30 June 2026

    South Korea’s tech giants pledge over $550 billion to ease ‘RAMageddon’

    30 June 2026
  • Media & Entertainment

    New Google ad imagines a Declaration of Independence written with the help of artificial intelligence

    4 July 2026

    Cloudflare’s new policy pushes AI companies to pay for publishers’ content

    1 July 2026

    Watch out, Amazon: The Kobo eReader now has a Goodreads rival

    29 June 2026

    YouTube Shorts just got even shorter with an update that lets you double the playback speed

    25 June 2026

    Deezer says its new feature allows fans to remix songs with the artist’s consent

    24 June 2026
  • Security

    Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

    3 July 2026

    The US government says it’s been hacked — again

    2 July 2026

    In major privacy victory, Supreme Court rules that geo-trafficking warrants are protected by privacy rights

    29 June 2026

    The Klue hack results in a data breach at several cybersecurity companies

    26 June 2026

    Cellebrite said it cut off Russia, but Russia used its tools anyway

    26 June 2026
  • Startups

    Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

    4 July 2026

    The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

    3 July 2026

    Last chance to apply — Startup Battlefield Australia applications close on 6 July

    3 July 2026

    Arcturus could halve grid electrical losses using nano-infused metals

    2 July 2026

    Indian tech tycoon bets $30 million of his own money to build AI alternative to Microsoft Office

    2 July 2026
  • Transportation

    Chevy built an all-American EV truck — why isn’t anyone buying it?

    3 July 2026

    Rivian raises EV sales forecast as second-quarter production ramps up

    3 July 2026

    Lucid Motors CFO steps down as new CEO continues leadership shakeup

    2 July 2026

    Tesla begins testing Cybercab without pedals or steering wheel in Austin

    2 July 2026

    Lime is starting life as a public company after years of uncertainty

    1 July 2026
  • Venture

    After $18B IPO, Bending Spoons Founder Says Success Comes From Minimizing Luck

    2 July 2026

    Bending Spoons defies SaaS slump, up 40% on first day of trading

    2 July 2026

    The DeepMind trio that created a poker AI is now making money for quantitative hedge funds

    1 July 2026

    Patronus AI lands $50 million to create ‘digital worlds’ that stress-test AI agents

    26 June 2026

    How to invest when everything is moving too fast

    24 June 2026
  • Recommended Essentials
TechTost
You are at:Home»Security»The price of zero-day exploits is rising as companies harden products against hackers
Security

The price of zero-day exploits is rising as companies harden products against hackers

techtost.comBy techtost.com6 April 202407 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Email
The Price Of Zero Day Exploits Is Rising As Companies Harden
Share
Facebook Twitter LinkedIn Pinterest Email

Tools that enable government hackers to break into iPhones and Android phones, popular software like the Chrome and Safari browsers, and chat apps like WhatsApp and iMessage are now worth millions of dollars — and their price has multiplied in recent years as these products become more difficult to carriage for hire.

On Monday, startup Crowdfense published its updated price list for these hacking tools, which are commonly known as “zero-days” because they rely on unpatched vulnerabilities in software that are unknown to the makers of that software. Companies such as Crowdfense and one of Zerodium’s competitors claim to acquire these zero-days with the goal of reselling them to other organizations, usually government agencies or government contractors, who claim they need the hacking tools to track or spy on criminals .

Crowdfense is now offering between $5 million and $7 million for zero-days to enter iPhones, up to $5 million for zero-days to enter Android phones, up to $3 million and $3.5 million for Chrome and Safari zero-days respectively and $3 to $5 million for WhatsApp and iMessage zero-days.

In his previous price listpublished in 2019, the highest payouts offered by Crowdfense were $3 million for Android and iOS zero-days.

The price hike comes as companies such as Apple, Google and Microsoft make their devices and apps harder to hack, meaning their users are better protected.

“It should be harder every year to exploit whatever software we’re using, whatever devices we’re using,” said Dustin Childs, who heads threat awareness at Trend Micro ZDI. Unlike CrowdFense and Zerodium, ZDI pays researchers to obtain zero-days and then reports them to affected companies with the goal of patching the vulnerabilities.

“As more zero-day vulnerabilities are discovered by threat intelligence groups like Google, and platform protections continue to improve, the time and effort required by attackers increases, increasing the cost of their findings,” he said. Shane Huntley, head of Google’s Threat Analysis Group, which monitors hackers and the use of zero-days.

In a report last monthGoogle said it saw hackers exploit 97 zero-day vulnerabilities in the wild in 2023. Spyware vendors, who often work with zero-day brokers, were responsible for 75% of zero-days targeting Google and Android products, according to with the company.

People in and around the zero-day industry agree that the job of exploiting vulnerabilities is getting harder.

David Manouchehri, a security analyst with knowledge of the zero-day market, said that “hard targets like Google’s Pixel and iPhone are getting harder to hack every year. I expect costs to continue to rise significantly over time.”

“The mitigations that sellers are putting in place are working and it’s driving the whole trade to become much more complex, much more time-consuming and so clearly that’s then reflected in the price,” said Paolo Stagno, director of research at Crowdfense. TechCrunch.

Contact us

Do you know more zero-day brokers? Or for spyware providers? From a non-working device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382 or via Telegram, Keybase and Wire @lorenzofb or via email. You can also contact TechCrunch via SecureDrop.

Stagno explained that in 2015 or 2016 it was only possible for a researcher to find one or more zero-days and develop them into a full exploit targeting iPhone or Android. Now, he said, “that’s almost impossible,” as it requires a team of many researchers, which also causes prices to rise.

Crowdfense is currently offering the highest publicly known prices to date outside of Russia, where a company called Operation Zero announced last year that it was willing to pay up to $20 million for tools to hack iPhones and Android devices. Prices in Russia, however, may be inflated due to the war in Ukraine and subsequent sanctions, which could discourage or permanently prevent people from doing business with a Russian company.

Public opinion aside, governments and corporations are likely to pay even higher prices.

“Prices Crowdfense offers researchers for individual Chrome [Remote Code Execution] and [Sandbox Escape] The exploits are below market rates compared to what I’ve seen in the zero-day industry,” said Manouchehri, who previously worked at Linchpin Labs, a startup focused on developing and selling zero-days. Linchpin Labs was acquired by the American defense company L3 Technologies (now known as L3Harris) in 2018.

Alfonso de Gregorio, its founder Zeronomiconan Italy-based startup that acquires zero-days, agreed, telling TechCrunch that prices could “definitely” be higher.

Zero days have been used in court-sanctioned law enforcement operations. In 2016, the FBI used a zero-day provided by a startup called Azimuth to break into the iPhone of one of the shooters who killed 14 people in San Bernardino. according to the Washington Post. in 2020, Motherboard exposed that the FBI — with the help of Facebook and an unnamed third-party company — used a zero-day to track down a man who was later convicted of harassing and extorting young girls online.

There have also been several cases where zero-days and spyware have reportedly been used to target human rights dissidents and journalists in Ethiopia, Morocco, Saudi Arabiaand United Arab Emirates, among other countries with poor human rights records. There have also been similar cases of alleged abuse in democratic countries such as Hellas, Mexico, Polandand Spain. (Neither Crowdfense, Zerodium, or Zeronomicon have ever been accused of engaging in similar affairs.)

Zero-day brokers, as well as spyware companies such as NSO Group and Hacking Team, have often been criticized for selling their products to unsavory governments. In response, some of them are now pledging to respect export controls in an effort to curb potential abuses by their customers.

Stagno said Crowdfense follows the embargoes and sanctions imposed by the United States — even though the company is based in the United Arab Emirates. For example, Stagno said the company would not sell to Afghanistan, Belarus, Cuba, Iran, Iraq, North Korea, Russia, South Sudan, Sudan and Syria — all in the U.S. lists of sanctions.

“Whatever the US does, we’re on the ball,” Stagno said, adding that if an existing client was put on the US sanctions list, Crowdfense would drop it. “All companies and governments directly sanctioned by the US are exempt.”

At least one company, the spyware consortium Intellexa, is on Crowdfense’s specific blacklist.

“I can’t tell you if he was a client of ours and if he stopped being,” Stagno said. “However, as far as I’m concerned right now Intellexa could not be our client.”

In March, the US government announced sanctions against Intellexa founder Tal Dilian and a business associate, the first time the government has sanctioned people involved in the spyware industry. Intellexa and its sister company Cytrox were also sanctioned by the US, making it harder for the companies, as well as the people running them, to stay in business.

These penalties have caused concern in the spyware industry, as TechCrunch reported.

Intellexa’s spyware has been reported to have been used against US Congressman Michael McCaul, US Senator John Hoeven and European Parliament President Roberta Metzola, among others.

De Gregorio, Zeronomicon’s founder, declined to say who the company is selling to. On its website, the company has published a code of business ethicswhich includes screening customers to avoid dealings “with entities known to abuse human rights” and respecting export controls.

Companies Crowdfense cyber security exploits hackers harden infosec price products Rising Spyware Zero Zero-days zeroday
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleWhen it comes to creating startups in Boston, success breeds success
Next Article X makes the Grok chatbot available to premium subscribers
bhanuprakash.cg
techtost.com
  • Website

Related Posts

Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

3 July 2026

The US government says it’s been hacked — again

2 July 2026

Cloudflare’s new policy pushes AI companies to pay for publishers’ content

1 July 2026
Add A Comment

Leave A Reply Cancel Reply

Don't Miss

New Google ad imagines a Declaration of Independence written with the help of artificial intelligence

4 July 2026

What is Mistral AI? Everything you need to know about the OpenAI competitor

4 July 2026

Podcasting platform Riverside is getting into the newsletter game

4 July 2026
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Fintech

India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

28 June 2026

Early Bird pricing ends tonight for the Founder Summit

26 June 2026

4 days left to save up to $190 on Founder Summit 2026

23 June 2026
Startups

Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

Last chance to apply — Startup Battlefield Australia applications close on 6 July

© 2026 TechTost. All Rights Reserved
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Type above and press Enter to search. Press Esc to cancel.