Felons, Fraudsters Flog Offensive Cybersecurity Startup
A cybersecurity startup called IRIS C2, operated by individuals with histories of fraud and conspiracy theories, advertises large payouts for zero-day vulnerabilities and offensive cybersecurity services. The company is linked to convicted felons Jack Burkman and Jacob Wohl, known for fraudulent activities and fake intelligence operations. IRIS C2 claims to recruit vulnerability researchers and sell exploits and phone-hacking services, but its legitimacy and operational security are questionable. There is no evidence of active exploitation or confirmed government contracts. The founders' criminal backgrounds and deceptive practices raise concerns about the trustworthiness of this entity in the cybersecurity market.
AI Analysis
Technical Summary
IRIS C2 is a cybersecurity startup publicly offering to acquire zero-day vulnerabilities and offensive cyber capabilities, operated by Jack Burkman and Jacob Wohl, both convicted felons with a history of fraudulent schemes and fake intelligence companies. The company openly advertises multi-million dollar payouts for exploits and claims to have about 40 employees, though none can publicly associate with the firm. Despite claims of government contracts, no direct contracts are confirmed. The founders' backgrounds include multiple felony convictions related to telecommunications fraud, securities fraud, and civil rights violations. The startup's aggressive recruitment and marketing tactics contrast with the typical discretion of government contractors in this space. No known exploits in the wild or technical vulnerabilities have been reported in association with IRIS C2 itself.
Potential Impact
The primary impact is reputational and operational risk within the cybersecurity vulnerability market. The involvement of convicted felons and known fraudsters in a company claiming to trade in zero-day exploits could undermine trust in vulnerability markets and government contracting processes. There is no direct evidence of technical exploitation or compromised software products. Potential buyers and researchers should exercise caution due to the questionable legitimacy and possible misuse of acquired vulnerabilities.
Mitigation Recommendations
No official patches or fixes are applicable as this is not a software vulnerability but a reputational and operational threat related to a company. Security professionals and government agencies should conduct thorough due diligence before engaging with IRIS C2 or related entities. Awareness and caution are advised when dealing with vulnerability brokers with questionable backgrounds. Monitor vendor advisories and official government contracting channels for verified partners.
Felons, Fraudsters Flog Offensive Cybersecurity Startup
Description
A cybersecurity startup called IRIS C2, operated by individuals with histories of fraud and conspiracy theories, advertises large payouts for zero-day vulnerabilities and offensive cybersecurity services. The company is linked to convicted felons Jack Burkman and Jacob Wohl, known for fraudulent activities and fake intelligence operations. IRIS C2 claims to recruit vulnerability researchers and sell exploits and phone-hacking services, but its legitimacy and operational security are questionable. There is no evidence of active exploitation or confirmed government contracts. The founders' criminal backgrounds and deceptive practices raise concerns about the trustworthiness of this entity in the cybersecurity market.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
IRIS C2 is a cybersecurity startup publicly offering to acquire zero-day vulnerabilities and offensive cyber capabilities, operated by Jack Burkman and Jacob Wohl, both convicted felons with a history of fraudulent schemes and fake intelligence companies. The company openly advertises multi-million dollar payouts for exploits and claims to have about 40 employees, though none can publicly associate with the firm. Despite claims of government contracts, no direct contracts are confirmed. The founders' backgrounds include multiple felony convictions related to telecommunications fraud, securities fraud, and civil rights violations. The startup's aggressive recruitment and marketing tactics contrast with the typical discretion of government contractors in this space. No known exploits in the wild or technical vulnerabilities have been reported in association with IRIS C2 itself.
Potential Impact
The primary impact is reputational and operational risk within the cybersecurity vulnerability market. The involvement of convicted felons and known fraudsters in a company claiming to trade in zero-day exploits could undermine trust in vulnerability markets and government contracting processes. There is no direct evidence of technical exploitation or compromised software products. Potential buyers and researchers should exercise caution due to the questionable legitimacy and possible misuse of acquired vulnerabilities.
Mitigation Recommendations
No official patches or fixes are applicable as this is not a software vulnerability but a reputational and operational threat related to a company. Security professionals and government agencies should conduct thorough due diligence before engaging with IRIS C2 or related entities. Awareness and caution are advised when dealing with vulnerability brokers with questionable backgrounds. Monitor vendor advisories and official government contracting channels for verified partners.
Technical Details
- Article Source
- {"url":"https://krebsonsecurity.com/2026/07/felons-fraudsters-flog-offensive-cybersecurity-startup/","fetched":true,"fetchedAt":"2026-07-08T15:18:37.835Z","wordCount":1585}
Threat ID: 6a4e6a4ec9d9e3dbe3544382
Added to database: 07/08/2026, 15:18:38 UTC
Last enriched: 07/08/2026, 15:18:47 UTC
Last updated: 07/08/2026, 15:18:50 UTC
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.