
Zeroday Cloud hacking contest offers $4.5 million in bounties


A new hacking competition called Zeroday Cloud, focused on open-source cloud and AI tools, announced a total prize pool of $4.5 million in bug bounties for researchers that submit exploits for various targets.

The contest is launched by the research arm of cloud security company Wiz in partnership with Google Cloud, AWS, and Microsoft, and is scheduled for December 10 and 11 at the Black Hat Europe conference in London, UK.

Zeroday Cloud has six separate categories researchers can participate in, with bug bounties between $10,000 and $300,000:

AI – Ollama ($25k), vLLM ($25k), Nvidia Container Toolkit ($40k)

Kubernetes and Cloud-Native – Kubernetes API Server ($80k), Kubelet Server ($40k), Grafana ($10k auth RCE, $40k pre-auth RCE), Prometheus ($40k), Fluent Bit ($10k)

Containers and Virtualization – Docker ($40 user-provided image, $60k arbitrary image), Containerd ($40 user-provided image, $60k arbitrary image), Linux Kernel ($30k container escape on Ubuntu)

Web Servers – nginx ($300k), Apache Tomcat ($100k), Envoy ($50k), Caddy ($50k)

Databases – Redis ($25k auth RCE, $100k pre-auth RCE), PostgreSQL ($20k auth RCE, $100k pre-auth RCE), MariaDB ($20k auth RCE, $100k pre-auth RCE)

DevOps & Automation – Apache Airflow ($40k), Jenkins ($40k), GitLab CE ($40k)

The rules of the competition say that submitted exploits should result in complete compromise of the target. Wiz explains that this means "a full Container/VM Escape for the Virtualization category, and a 0-click Remote Code Execution (RCE) vulnerability for other targets."
