Disclosure.
How we're funded
0dayNews is, at launch, funded entirely by display advertising, served programmatically through Google AdSense. We do not control which specific ads run, and we run no affiliate program — there are no product links, no commission-based recommendations, and no "buy this" content anywhere on the site.
No editorial decision is influenced by advertising. What we cover, how we cover it, and which vulnerabilities we prioritize is determined entirely by editorial judgment — newsworthiness, severity, and confirmed exploitation — never by any commercial relationship. We do not accept payment for coverage, ever, and we will update this page if that ever changes.
Responsible disclosure of vulnerabilities
As a publication that reports on security vulnerabilities, we hold ourselves to a responsible-disclosure standard distinct from — but related to — the coordinated-disclosure norms that govern how researchers report bugs to vendors:
- We report on published advisories. The vast majority of our coverage concerns vulnerabilities that are already public — listed in the CISA Known Exploited Vulnerabilities catalog, assigned an NVD record, or disclosed in a vendor security bulletin. We do not race to publish details of an unpatched, undisclosed vulnerability ahead of the affected vendor.
- We do not publish exploit code. We describe what a vulnerability does and what its real-world impact has been. We do not publish working proof-of-concept exploit code, weaponized payloads, or step-by-step attack instructions that would lower the bar for exploitation. Readers who need that level of technical detail for legitimate security research are pointed to the vendor's own advisory or established vulnerability databases.
- We honor embargo and coordination requests. If a vendor, researcher, or affected organization asks us to hold or amend coverage pending an active coordinated disclosure process, email takedown@0daynews.com and we will work with you in good faith.
- Tips involving unpatched vulnerabilities. If you have a tip about an unpatched, actively exploited vulnerability, send it to contact@0daynews.com. We will not publish technical detail sufficient to enable exploitation ahead of vendor remediation guidance being available.
Questions about either policy — funding or disclosure — are welcome on our contact page.