The South Korean CERT has reported in the wild exploitation of a remote code execution vulnerability in a popular ActiveX component. The group behind this attack is called Andariel Group. the group is tied to activity of a known North Korean adversary Lazarus Group.
Vulnerability exploitation was spotted by users of DrayTek routers. Attackers used CSRF vulnerability to change DNS settings of multiple routers to address: 184.108.40.206.
JS/Exploit.Pdfka.QNV trojan (ESET)
In March 2018 ESET detected attacks using two zero-day vulnerabilities in Microsoft win32k.sys driver (CVE-2018-8120) and and Adobe Acrobat.
Vulnerability scanning SaaS service is online 3-rd generation vulnerability scanner with scheduled assessments and vulnerability subscription. You can use service to check security of your network perimeter.