Trend Micro’s Zero Day Initiative (ZDI) is bringing its prestigious live hacking competition to Ireland in October 2025, offering a record $1 million bounty for a successful zero‑click exploit targeting WhatsApp, as announced on their official blog.
Why WhatsApp — and Why It’s Worth $1 Million
Meta is sponsoring Pwn2Own Ireland 2025’s new “messenger apps” category, with top rewards reserved exclusively for WhatsApp exploits. A complete zero-click remote code execution chain — requiring no user interaction and bypassing sandboxing — earns the full $1 million payout. In previous years, WhatsApp exploits at Pwn2Own Ireland earned up to $300K, with one-click variants and other targets like routers, NAS devices, printers, smart speakers, and smartphones offering up to $200K. The 2024 event paid out over $1 million across 70+ zero-day bugs, establishing Pwn2Own Ireland as one of the world’s largest vulnerability research competitions.
WhatsApp’s global ubiquity in personal and enterprise settings makes it a high-value attack vector. By offering a record-setting bounty, ZDI and Meta aim to attract elite researchers and uncover critical flaws before they’re exploited in real-world malware or espionage campaigns.
| Target | Exploit Type | Maximum Prize |
|---|---|---|
| Zero‑Click (0‑click) | $1,000,000 | |
| One‑Click | Reduced tiered prize | |
| Other Devices (printers, NAS, smart speakers, cameras, smartphones) | Varies | Up to $250–300K each in prior events |
The Zero Day Initiative
Industry Impact and Rationale
Pwn2Own serves as a global benchmark for proactive vulnerability disclosure. It enables vendors to patch high-impact flaws before they are exploited in the wild, while offering public transparency into emerging attack strategies. WhatsApp’s inclusion underscores growing concern over mobile messaging platforms as vectors for real-world attacks.
Participants who successfully demonstrate exploits earn both cash awards and “Master of Pwn” points — prestigious recognition within the infosec community for demonstrating advanced, reliable exploit chains.
The announcement of a $1 million bounty for a WhatsApp exploit at Pwn2Own Ireland 2025 marks one of the most ambitious targets set by the Zero Day Initiative to date. As mobile messaging continues to be a prime target for adversaries, this high-profile challenge — backed by Meta — signals a shift toward prioritizing proactive defense by rewarding vulnerabilities before they become widespread threats.
Leave a Reply