While technically a patch was released in late May, the Hitlist for -06-12-2024- was dominated by CVE-2024-37085. During this week, Mandiant published a report showing active ransomware deployments targeting this authentication bypass vulnerability.
The week kicked off with Google releasing an emergency security update for Chromium. A 0-day in the V8 JavaScript engine (CVE-2024-5274, high severity) was confirmed.
Three notable 0-days have either been disclosed or are seeing limited exploitation: 0-day and Hitlist Week -06-12-2024-
Zyxel NAS326/VPN Series – Pre-auth Command Injection
Google Chrome (V8 Engine Type Confusion) While technically a patch was released in late
While not yet confirmed as "0-day" exploited in the wild, these vulnerabilities carry CVSS scores of 9.0+ or have Proof-of-Concepts (PoCs) available, making them prime targets for attackers this week.
CVE-2024-21683 | CVSS: 9.8 (Critical) Atlassian released a patch for a Remote Code Execution (RCE) vulnerability in Confluence Data Center. Zyxel NAS326/VPN Series – Pre-auth Command Injection
A concise daily briefing covering zero-day activity and a prioritized “hitlist” of vulnerable, high-impact targets observed or exploited during the week of June 12, 2024. Includes exploited CVEs, active attack patterns, recommended mitigations, and prioritized action items for defenders.