Latest zero-days Total: 392, in 2018: Zero-days 17, candidates: 5

Remote code execution in Microsoft Internet Explorer
CVE-2018-8373

2018-08-14

Remote command execution in Windows Shell on Microsoft Windows 10 and 2016
CVE-2018-8414

2018-08-14

Multiple vulnerabilities in Adobe Flash Player
CVE-2018-5002

2018-06-07

The vulnerability was reported to Adobe by the following researchers: Chenming Xu and Jason Jones of ICEBRG, Bai Haowen, Zeng Haitao and Huang Chaowen of 360 Threat Intelligence Center of 360 Enterprise Security Group, and Yang Kang, Hu Jiang, Zhang Qing, and Jin Quan of Qihoo 360 Core Security (@360CoreSec), Tencent PC Manager.

The attacks exploiting this vulnerability mainly target the Middle East.

Remote code execution in Samsung SDS Acube ActiveX Control

2018-05-31

The South Korean CERT has reported in the wild exploitation of a remote code execution vulnerability in a popular ActiveX component. The group behind this attack is called Andariel Group. the group is tied to activity of a known North Korean adversary Lazarus Group.

Vulnerability Scanning SaaS

Vulnerability scanning SaaS service is online 3-rd generation vulnerability scanner with scheduled assessments and vulnerability subscription. You can use service to check security of your network perimeter.

About zero-day vulnerabilities

Zero-day vulnerability is an undisclosed vulnerability in software that hackers can exploit to compromise computer programs, gain unauthorized access to sensitive data, penetrate networks, etc. We consider vulnerability a zero-day when there is no solution provided from software vendor and the vulnerability is being actively exploited by malicious actors.

Zero-day candidate is a potential zero-day vulnerability in software which might have been used in targeted attacks, however there is no evidence to support this suggestion.