$4.5 Million Offered in New Cloud Hacking Competition


Cloud security giant Wiz has announced a new hacking competition where participants can earn significant rewards for demonstrating exploits against widely used cloud software.

The competition is named Zeroday.Cloud and it offers participants a total of $4.5 million in bug bounties. Interested security researchers must submit their entries by December 1, and they will demonstrate their exploits live on stage at the Black Hat Europe conference, taking place December 10-11 in London.

Wiz has teamed up with AWS, Google Cloud and Microsoft for Zeroday.Cloud. It’s worth noting that Google has announced plans to acquire Wiz for $32 billion. 

The Zeroday.Cloud hacking competition covers six categories. One of them is AI, with participants being offered maximum prizes ranging between $25,000 and $40,000 for hacking products such as Ollama, vLLM, and Nvidia Container Toolkit.  

In the Kubernetes and cloud native category, prizes range between $10,000 and $80,000 for exploits targeting the Kubernetes API Server, Kubelet Server, Grafana, Prometheus, and Fluent Bit. The highest reward is for Kubernetes API Server exploits.

The containers and virtualization category covers Docker, Containerd, and Linux Kernel, with prizes ranging between $30,000 and $60,000. 

In the web server category, participants can earn up to $300,000 for Nginx exploits, $100,000 for Tomcat exploits, and up to $50,000 for Caddy and Envoy vulnerabilities. 

Database hacks can also earn significant rewards — up to $100,000 is being offered for unauthenticated remote code execution exploits targeting Redis, PostgreSQL, and MariaDB. 

Vulnerabilities in DevOps and automation software such as Apache Airflow, Jenkins, and GitLab CE can earn Zeroday.Cloud participants up to $40,000. 

“Submitted exploits should result in total compromise of the target, meaning a full Container/VM Escape for the Virtualization category, and a 0-click Remote Code Execution (RCE) vulnerability for other targets,” explained Nir Ohfeld, head of vulnerability research at Wiz. 

Given the significant prize pool and the standing of its backers, the cloud hacking competition has a high likelihood of success. However, it also appears to be facing some controversy.

Trend Micro, whose Zero Day Initiative (ZDI) has been organizing the Pwn2Own hacking competition for nearly two decades, has accused Wiz of copying some sections of its rules word-for-word. 



About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.