Zero-Day Tracker — Active & Recently Disclosed Zero-Day Vulnerabilities | SECMONS
The SECMONS Zero-Day Tracker monitors publicly disclosed zero-day vulnerabilities and confirmed in-the-wild exploitation events. This tracker provides structured, verified intelligence for defenders.
Zero-Day Tracker at SECMONS 🚨
The Zero-Day Tracker monitors publicly disclosed vulnerabilities that were exploited before a patch was available — or were confirmed as actively exploited at the time of disclosure.
This tracker is designed for:
- Security operations teams
- Vulnerability management teams
- Incident responders
- Security leadership
- Risk owners
It provides structured intelligence — not speculation.
What SECMONS Means by “Zero-Day” 🧠
A vulnerability is treated as zero-day when:
- Exploitation occurred before a patch was available, OR
- The vendor confirmed active exploitation at disclosure, OR
- A government advisory identified it as exploited at disclosure
We do not classify vulnerabilities as zero-day based on rumor or unverified claims.
Absence from this tracker does not imply absence of exploitation.
What This Tracker Is Not ⚠️
SECMONS:
- Does not claim access to undisclosed vulnerabilities
- Does not publish private exploit details
- Does not disclose sensitive technical information
- Does not provide exploit code
- Does not provide weaponization instructions
All entries are based on publicly available, verifiable information.
How Entries Are Added 📊
An entry may be added when:
- A vendor confirms exploitation at disclosure
- A national authority lists it as actively exploited
- Credible research confirms in-the-wild activity
- Public evidence demonstrates pre-patch exploitation
Each entry links to a full vulnerability record under:
That record includes:
- CVE metadata
- Patch information
- Affected versions
- Timeline
- Risk interpretation
- Defensive guidance
Why Zero-Day Tracking Matters 🎯
Zero-day exploitation significantly increases risk because:
- Patching lag creates exposure windows
- Detection signatures may not yet exist
- Threat actors often chain exploits rapidly
- Campaign acceleration is common
Zero-days frequently correlate with:
- Targeted campaigns
- High-value infrastructure targeting
- Credential harvesting operations
- Privilege escalation chains
How to Use This Tracker 🧭
For Vulnerability Management Teams 🛠️
- Prioritize patch deployment
- Identify exposed internet-facing services
- Validate patch enforcement and restart requirements
For SOC Teams 🛰️
- Increase monitoring around affected services
- Hunt for post-exploitation behavior
- Correlate suspicious authentication activity
For Security Leadership 📈
- Assess exposure window risk
- Communicate urgency to stakeholders
- Align remediation timelines with real-world exploitation
Update & Review Policy 🔄
Zero-day entries may be updated to reflect:
- Patch release changes
- Exploitation status clarification
- Government advisory inclusion
- Additional confirmed targeting
The lastmod field reflects the latest editorial update.
Historical state preservation is not guaranteed unless explicitly archived.
Browse Active & Historical Zero-Days 🔗
Explore detailed records in:
- /vulnerabilities/
- Filter by exploited status
- Review campaign context in /research/
- Map associated actors under /threat-actors/