Latest zero-days Total: 403, in 2018: Zero-days 27, candidates: 10

Privilege escalation in Windows Win32k.sys driver
CVE-2018-8589

2018-11-13

The vulnerability was privately reported to Microsoft by Kaspersky Lab.

Denial of service in Suricata
CVE-2018-18956

2018-11-06

According to MITRE statement, the vulnerability has been exploited in the wild in November 2018.

Denial of service when processing SIP packets in Cisco ASA and Cisco Firepower Threat Defense
CVE-2018-15454

2018-10-31

Not patched

The vulnerability was discovered during the resolution of a Cisco TAC support case and reported by Cisco PSIRT.

Remote code execution in Microsoft Word

2018-10-25

Not patched

TROJ_EXPLOIT.AOOCAI
TSPY_URSNIF.OIBEAO

Trend Micro has issued a report detailing in the wild exploitation of a publicly disclosed vulnerability in Microsoft Word. According to VirusTotal timestamps, the first wave of exploitation began on October 31, 2018. The vulnerability was disclosed on October 25.

Vulnerability Scanning SaaS

Vulnerability scanning SaaS service is online 3-rd generation vulnerability scanner with scheduled assessments and vulnerability subscription. You can use service to check security of your network perimeter.

About zero-day vulnerabilities

Zero-day vulnerability is an undisclosed vulnerability in software that hackers can exploit to compromise computer programs, gain unauthorized access to sensitive data, penetrate networks, etc. We consider vulnerability a zero-day when there is no solution provided from software vendor and the vulnerability is being actively exploited by malicious actors.

Zero-day candidate is a potential zero-day vulnerability in software which might have been used in targeted attacks, however there is no evidence to support this suggestion.