Emergency Vulnerability Patching Playbook — Enterprise Response Framework
An enterprise-grade emergency vulnerability patching playbook designed to guide rapid response to actively exploited vulnerabilities. This SECMONS guide outlines structured decision-making, prioritization, validation, and communication workflows.
Zero-Day Tracker — Active & Recently Disclosed Zero-Day Vulnerabilities
The SECMONS Zero-Day Tracker monitors publicly disclosed zero-day vulnerabilities and confirmed in-the-wild exploitation events. This tracker provides structured, verified intelligence for defenders.
CISA Known Exploited Vulnerabilities (KEV) — What It Means and Why It Changes Patch Priority
The CISA Known Exploited Vulnerabilities (KEV) Catalog lists CVEs that are confirmed to be actively exploited in the wild. This SECMONS glossary entry explains what KEV is, how vulnerabilities are added, how due dates work, and how defenders should operationalize KEV tracking in enterprise environments.
Exploited in the Wild — What It Means, How It’s Confirmed, and Why It Changes Risk
“Exploited in the wild” indicates that a vulnerability is actively being used in real-world attacks outside controlled research environments. This SECMONS glossary entry explains what qualifies as in-the-wild exploitation, how vendors confirm it, and how defenders should respond operationally.
Zero-Day Vulnerability — What It Means, How It’s Used, and Why It’s High Risk
A zero-day vulnerability is a software flaw that is exploited before a patch is available or before the vendor is aware of it. This SECMONS glossary entry explains what qualifies as a zero-day, how it differs from n-day vulnerabilities, how zero-days are weaponized, and how defenders should respond.
CVE-2023-4966 — CitrixBleed Session Hijacking in NetScaler ADC/Gateway
CVE-2023-4966 (CitrixBleed) is a critical vulnerability in Citrix NetScaler ADC and Gateway that enabled session token leakage and account takeover. This record provides verified analysis, exploitation context, and defensive mitigation guidance.
CVE-2021-44228 — Log4Shell Remote Code Execution in Apache Log4j
CVE-2021-44228 (Log4Shell) is a critical remote code execution vulnerability in Apache Log4j 2 that enabled unauthenticated attackers to execute arbitrary code via JNDI lookups. This record provides verified technical analysis, exploitation context, impact assessment, and defensive guidance.