Zero-Day

This SECMONS research brief analyzes how exploitation velocity turns vulnerabilities into enterprise-scale incidents, using verified historical cases (Log4Shell, CitrixBleed, MOVEit, SolarWinds) to propose a practical prioritization and containment model.

The SECMONS Zero-Day Tracker monitors publicly disclosed zero-day vulnerabilities and confirmed in-the-wild exploitation events. This tracker provides structured, verified intelligence for defenders.

A drive-by compromise is an attack technique where a victim’s system is compromised simply by visiting a malicious or compromised website. This SECMONS glossary entry explains how drive-by attacks work, how they relate to browser vulnerabilities and zero-days, and what defenders should monitor.

An Exploit Chain is a sequence of vulnerabilities or techniques combined to achieve full system compromise. This SECMONS glossary entry explains how exploit chains work, why single CVSS scores may underestimate risk, and how defenders should assess chained exploitation.

An exploit kit is a toolkit hosted on attacker-controlled infrastructure that automatically scans visiting systems for vulnerabilities and delivers exploits without user interaction beyond visiting a page. This SECMONS glossary entry explains how exploit kits work, their role in drive-by compromise campaigns, and why patch velocity is critical.

“Exploited in the wild” indicates that a vulnerability is actively being used in real-world attacks outside controlled research environments. This SECMONS glossary entry explains what qualifies as in-the-wild exploitation, how vendors confirm it, and how defenders should respond operationally.

A zero-day vulnerability is a software flaw that is exploited before a patch is available or before the vendor is aware of it. This SECMONS glossary entry explains what qualifies as a zero-day, how it differs from n-day vulnerabilities, how zero-days are weaponized, and how defenders should respond.