Find notable cyber news and cases, enriched with sources, timelines, and signals.

IRIS C2 zero-day exploit buying program

Commercial Activity
First reported
Last updated
Happening score
H score 31
1 unique sources, 1 articles

Summary

Hide ▲

IRIS C2 publicly expanded its offensive cyber recruiting and exploit-buying pitch, offering $10,000 to $7 million for zero-day exploits and related capabilities across major platforms. The move positions the Virginia-linked startup as a seller of offensive cybersecurity capabilities rather than a defensive vendor. Corporate records tie the website to Calvexa Group LLC and a company base in McLean, Va.

Timeline

  1. 08.07.2026 15:31 2 articles · 1d ago

    IRIS C2 publicly advertises buying zero-day exploits

    Initial Disclosure

    IRIS C2 says it is a company in McLean, Va. that recruits vulnerability researchers and exploit developers while buying zero-day exploits, exploit primitives, partial chains, and full capabilities across major platforms, with payouts ranging from $10,000 to $7 million depending on target, reliability, and operational value.

    Show sources