Latest zero-days Total: 390, in 2018: Zero-days 15, candidates: 2

Multiple vulnerabilities in Adobe Flash Player
CVE-2018-5002

The vulnerability was reported to Adobe by the following researchers: Chenming Xu and Jason Jones of ICEBRG, Bai Haowen, Zeng Haitao and Huang Chaowen of 360 Threat Intelligence Center of 360 Enterprise Security Group, and Yang Kang, Hu Jiang, Zhang Qing, and Jin Quan of Qihoo 360 Core Security (@360CoreSec), Tencent PC Manager.

The attacks exploiting this vulnerability mainly target the Middle East.

Remote code execution in Samsung SDS Acube ActiveX Control

The South Korean CERT has reported in the wild exploitation of a remote code execution vulnerability in a popular ActiveX component. The group behind this attack is called Andariel Group. the group is tied to activity of a known North Korean adversary Lazarus Group.

CSRF in multiple DrayTek routers

Vulnerability exploitation was spotted by users of DrayTek routers. Attackers used CSRF vulnerability to change DNS settings of multiple routers to address: 38.134.121.95.

Multiple vulnerabilities in Adobe Reader and Acrobat
CVE-2018-4990

JS/Exploit.Pdfka.QNV trojan (ESET)

In March 2018 ESET detected attacks using two zero-day vulnerabilities in Microsoft win32k.sys driver (CVE-2018-8120) and and Adobe Acrobat.

Vulnerability Scanning SaaS

Vulnerability scanning SaaS service is online 3-rd generation vulnerability scanner with scheduled assessments and vulnerability subscription. You can use service to check security of your network perimeter.

About zero-day vulnerabilities

Zero-day vulnerability is an undisclosed vulnerability in software that hackers can exploit to compromise computer programs, gain unauthorized access to sensitive data, penetrate networks, etc. We consider vulnerability a zero-day when there is no solution provided from software vendor and the vulnerability is being actively exploited by malicious actors.

Zero-day candidate is a potential zero-day vulnerability in software which might have been used in targeted attacks, however there is no evidence to support this suggestion.