/>
RU EN

THE 2026 SUMMER TRENDS

Back

This post is a reprint of our recent request made in the Telegram channel for those who don't follow us in social networks. Due to peculiarities of the design, the price cards aren't visible in full on a desktop so you need to open them in a separate tab. We are working on fixing that.

We truly respect what Google and Microsoft do for the security research community. Thanks to them, even such a small companies like OPZERO have been given a chance to work for our country without big expenses: our marketing budget till 2026 was 0 rubles. Fortunately, in 2026 the vendors decided to help the zero-day market grow with decisions that will be written down in marketing books, and perhaps in the annals of history. The aid is out of control:

— Google (capitalization 4.54T USD) decreases the payout amounts for read/write vulnerabilities in Chrome subsystems to $500 [1].
— Microsoft (capitalization 3.42T USD) declines to pay for critical vulnerabilities, deletes the GitHub account of Nightmare Eclipse, and indirectly claims his actions assist criminal activity [2].

Meanwhile, OPZERO (means capitalization is 0 USD) accepts their help and publishes a new large request. A trend of this Summer is pre-authenticated RCE in enterprise software for initial access. The requirements are: working on default configuration, zero user interaction, time of execution less than 1 minute, reliability near 100%. You can find the exact list of targets and prices in the following post. The request is valid till the end of 2026 year.

[1] https://bughunters.google.com/about/rules/chrome-friends/chrome-vulnerability-reward-program-rules
[2] https://deadeclipse666.blogspot.com/