In response to the increasing importance of protecting corporate communications, VulnPoint, a new player in the cybersecurity market, has updated its price list. The company is now offering up to $300,000 for exploits targeting Slack applications for Windows and macOS operating systems — this is the first time rewards have reached such a mark.
Founded in 2020, actively acquiring exploits for various zero-day vulnerabilities to offer them to large corporate clients and government organizations around the world. As part of this process, the company has launched its own bug bounty program, in which researchers can sell exploits for up to $1 million, depending on the type and complexity of the bug.
As part of its initiatives, VulnPoint regularly conducts special «bug detection» promotions, offering increased rewards for exploits of certain software. The company recently announced on its Twitter page that exploits that allow remote code execution without user interaction for Slack on macOS and Windows platforms are now valued significantly higher than similar vulnerabilities for other communication platforms.
Many information security experts emphasize that a successful hacking of Slack can provide attackers not only with access to confidential corporate correspondence, but also the ability to control user accounts, which makes such exploits especially valuable.
The company did not specify for what period of time the increased reward applies, but stressed that all exploits submitted should be directed against the latest version of Slack, and program participants should provide a full description of the methodology for using the vulnerability found, including code examples.
