Most white collar jobs involve creating presentations. And this can be a time-consuming, laborious process. Presentations include data points, and ensuring that these data points remain accurate and up to date is a challenging task in its own right.

A study from Coveo, in fact, has found that the stress and hassle of locating the right information in workplaces is causing employee burnout. Employees report spending nearly four hours each day searching for info; over 31% of those surveyed said the frustration of being unable to find information made them feel burned out.

To help ease the burden — at least on the data points front — Nabil Jallouli, Bahir Saad and Younes Jallouli co-founded Rollstack, a platform that automatically updates the metrics and figures in slide decks, reports and documents. A member of Y Combinator’s Winter 2023 cohort, Rollstack has raised $1.8 million in seed funding from investors including Y Combinator, UpHonest Capital, Kima Ventures, Monte Carlo Capital and Roosh Ventures.

“Recurring reporting isn’t just a task — it’s a cornerstone of teams’ decision-making processes,” Nabil told TechCrunch in an email interview. “Teams operate in a constant cycle of data extraction, synthesis and presentation, both for internal strategizing and external communications. Traditionally, this workflow has been labor-intensive, but Rollstack is specifically designed for these challenges.”

Image Credits: Rollstack

Prior to founding Rollstack, Nabil led data, strategy and revenue operations teams at Pinterest, Deel and Groupon. Bahir was a software and DevOps engineer at cashierless checkout startup AiFi, while Younes held various engineering and product positions at Tesla.

With Rollstack, Nabil, Bahir and Younes sought to create a tool that allows teams to automatically update their presentations using data sources like Tableau, Salesforce and Looker. Rollstack lets users connect to data sources – including business intelligence tools, customer relationship management (CRM) platforms and databases — and set up scheduled data and visualization refreshes for presentations and reports created with Google Slides, PowerPoint, Google Docs, Word or Notion.

Rollstack takes care of refreshing the data where it’s presented and saves formatting and visualization preferences for future use. In addition, it allows users to create new versions of the same deck programmatically, and implement version control to roll back to historical data snapshots (e.g. data from a previous fiscal year).

“These automations allow employees to concentrate on their core tasks like analysis, strategy or selling, rather than the tedious process of generating data reports,” Nabil said.

Rollstack has competition in Coefficient, which lets users create, share and automate live reports, set up alerts and write data back to connected software-as-a-service (SaaS) tools. Actiondesk similarly connects with databases, CRMs and SaaS tools to feed live data into Excel and Google Sheets spreadsheets. But Nabil points out that Rollstack supports a wide range of document types — wider than most of its rivals, he asserts.

Rollstack claims that its customer base is growing by 50% every month and includes companies ranging from startups to “large publicly-listed firms.” Nabil wouldn’t disclose revenue — or burn rate. But he said that Rollstack plans to double the size of its seven-person team by the end of Q1 2024.

“Manual work is Rollstack’s primary competitor,” he added. “With the team’s expertise in the field, Rollstack is well positioned to leverage AI to further enhance its clients’ efficiency. The focus remains on delivering real value and impact to its users — rather than just following trends.”

A company that acquires and sells zero-day exploits — flaws in software that are unknown to the affected developer — is now offering to pay researchers $20 million for hacking tools that would allow its customers to hack iPhones and Android devices.

On Wednesday, Operation Zero announced on its Telegram accounts and on its official account on X, formerly Twitter, that it was increasing payments for zero-days in those platforms from $200,000 to $20 million.

“By increasing the premium and providing competitive plans and bonuses for contract works, we encourage the developer teams to work with our platform,” the company wrote.

Operation Zero, which is based in Russia and launched in 2021, also added that “as always, the end user is a non-NATO country.” On its official website, the company says that “our clients are Russian private and government organizations only.”

When asked why they only sell to non-NATO countries, Operation Zero CEO Sergey Zelenyuk declined to say. “No reasons other than obvious ones,” he said.

Zelenyuk also said that the bounties Operation Zero offer right now may be temporary, and a reflection of a particular time in the market, and the difficulty of hacking iOS and Android.

“The price formation of specific items is heavily dependent on availability of the product on the zero-day market,” Zelenyuk said in an email. “Full chain exploits for mobile phones are the most expensive products right now and they’re used mostly by government actors. When an actor needs a product, sometimes they’re ready to pay as much as possible to possess it before it gets into the hands of other parties.”

For at least a decade, various companies around the world have offered bounties to security researchers willing to sell the bugs and hacking techniques to exploit those flaws. Unlike traditional bug bounty platforms like Hacker One or Bugcrowd, companies like Operation Zero don’t alert the vendors whose products are vulnerable, but instead sell them to government customers.

This is inherently a gray market, where prices fluctuate and the identity of the customers is often secret. But there are and have been public price lists such as the ones published by Operation Zero.

Zerodium, a company that was launched in 2015, offers up to $2,5 million for a chain of bugs that allows customers to hack an Android device with no interaction from the target, meaning the target doesn’t have to fall for a phishing link, for example. For the same type of chain, Zerodium offers up to $2 million, according to its website.

On modern mobile devices, thanks to improved security mitigations and defenses, hackers might need a series of zero-days to fully compromise and take control of a targeted device.

Crowdfense, a competitor based in the United Arab Emirates, offers up to $3 million for the same kind of chain of bugs on Android and iOS.

Referring to the bounties offered by Zerodium and Crowdfense, Zelenyuk said that he doesn’t believe they will ever drop so low.

“The Zerodium price sheet is outdated, but it doesn’t mean the company still buys for such low prices. They just don’t need to update them, the zero-day business works fine regardless of that,” said Zelenyuk.

The market for zero-days is largely unregulated. But in some countries, companies may have to obtain export licenses from the governments they operate from. This process essentially entails asking permission to sell to certain countries, which may be restricted. This has created a fractured market that is increasingly affected by politics. For example, a recently passed law in China mandates that security researchers alert the Chinese government of bugs before they alert the software makers. This law, according to experts, effectively means China is cornering the market for zero-days in an attempt to use them for intelligence purposes.

“This new regulation might enable elements in the Chinese government to stockpile reported vulnerabilities toward weaponizing them,” Microsoft said in a report from last year.

Corrected an earlier version of this story to remove “tenfold” from the second paragraph, this was due to an editor’s error. ZW

Do you have more information about the market for zero-days? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase, and Wire @lorenzofb, or email lorenzo@techcrunch.com. You can also contact TechCrunch via SecureDrop.

Each year, TechCrunch selects the top 200 early-stage founders from across the globe to feature at TechCrunch Disrupt in San Francisco. And as part of our programming, we host master classes with industry experts and venture capitalists to provide tactical advice and insight to these founders.

Today, I’m excited to share the first of a four-part series with Canvas Ventures’ Mike Ghaffary. In this session, Ghaffary outlined the important components of startup defensibility, the key strategic advantage buckets, and what startups can do to stay competitive as they build and scale.

This private session took place in August, and we are sharing these now so all of you can also reap the benefits of Startup Battlefield.