IRIS C2 zero-day exploit buying program
Commercial ActivityFirst reported
Last updated
Happening score
H score
31
Summary
Hide ▲
Show ▼
IRIS C2 publicly expanded its offensive cyber recruiting and exploit-buying pitch, offering $10,000 to $7 million for zero-day exploits and related capabilities across major platforms. The move positions the Virginia-linked startup as a seller of offensive cybersecurity capabilities rather than a defensive vendor. Corporate records tie the website to Calvexa Group LLC and a company base in McLean, Va.
Timeline
-
08.07.2026 15:31 2 articles · 1d ago
IRIS C2 publicly advertises buying zero-day exploits
Initial DisclosureIRIS C2 says it is a company in McLean, Va. that recruits vulnerability researchers and exploit developers while buying zero-day exploits, exploit primitives, partial chains, and full capabilities across major platforms, with payouts ranging from $10,000 to $7 million depending on target, reliability, and operational value.
Show sources
- Felons, Fraudsters Flog Offensive Cybersecurity Startup — krebsonsecurity.com — 08.07.2026 15:31
- Felons, Fraudsters Flog Offensive Cybersecurity Startup — krebsonsecurity.com — 08.07.2026 15:31